Computer Help and Spyware Removal (BleepingComputer.com)
All anti virus updates disabled, unable to update spybot, NOD32, AdAware
zschiff (Member)
post Jun 11 2009, 11:10 AM
Post #1

I am unable to connect to the updaters of my virus programs. Web access is slow. msconfig is showing RBOT-M WORM in startup items (wuam, PDSched, lsrv). Even though I keep unchecking them, they keep coming back.
Thanks in advance for any help.


DDS (Ver_09-05-14.01) - NTFSx86
Run by Zvi Schiff at 18:42:34.62 on 11-Jun-09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.503 [GMT 3:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\Program Files\Lavasoft\Ad-Aware\AAWService.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\iriver\iriver plus 2\iAgent2.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\Program Files\iPod\bin\iPodService.exe
F:\Program Files\Lavasoft\Ad-Aware\AAWTray.exe
F:\WINDOWS\explorer.exe
F:\Documents and Settings\Zvi Schiff\Desktop\dds.scr
F:\Program Files\Common Files\InstallShield\UpdateService\agent.exe

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - f:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - f:\program files\agat\agform\AGFormsHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - f:\program files\agat\agform\AGForms.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [iPlusAgent2] "f:\program files\iriver\iriver plus 2\iAgent2.exe"
uRun: [SpybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Microsoft Update Time] wuam.exe
mRun: [IMONTRAY] f:\program files\intel\intel® active monitor\imontray.exe
mRun: [RegKillElbyCheck] "f:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "f:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [ISUSPM] "f:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [OSSelectorReinstall] f:\program files\common files\acronis\acronis disk director\oss_reinstall.exe
mRun: [AppleSyncNotifier] f:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "f:\program files\quicktime alternative\QTTask.exe" -atboottime
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "f:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [MSConfig] f:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [Microsoft Update Time] wuam.exe
mRunServices: [Microsoft Update Time] wuam.exe
mRunServices: [Microsoft DirectX] PDSched.exe
StartupFolder: f:\docume~1\zvisch~1\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.4\program\quickstart.exe
IE: Add to AMV Convert Tool... - f:\program files\mp3 player utilities 4.00\amvconverter\grab.html
IE: Add to Media Manager... - f:\program files\mp3 player utilities 4.00\mediamanager\grab.html
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120170377109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140612129937
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://192.168.10.253:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5219/mcfscan.cab
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\zvisch~1\applic~1\mozilla\firefox\profiles\mlsjzv2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_27.dll
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: f:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [2005-7-19 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;f:\windows\system32\drivers\klif.sys [2009-3-29 148496]
R1 vsdatant;vsdatant;f:\windows\system32\vsdatant.sys [2004-6-17 353672]
R2 ekrn;Eset Service;f:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;f:\program files\lavasoft\ad-aware\AAWService.exe [2009-3-9 951632]
R2 vsmon;TrueVector Internet Monitor;f:\windows\system32\zonelabs\vsmon.exe -service --> f:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [2002-3-10 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [2001-9-26 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [2004-8-25 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [2001-9-26 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [2004-6-15 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [2004-6-15 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [2005-9-7 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\drivers\vq110.sys --> f:\windows\system32\drivers\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [2004-6-16 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [2005-2-3 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [2004-6-16 11100]
S3 Sflodd;Sflodd; [x]

=============== Created Last 30 ================

2009-06-11 15:16 <DIR> --d----- f:\docume~1\zvisch~1\applic~1\Malwarebytes
2009-06-11 15:15 40,160 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 15:15 <DIR> --d----- f:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 15:15 19,096 a------- f:\windows\system32\drivers\mbam.sys
2009-06-11 15:15 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-06-10 15:29 <DIR> --d----- f:\documents and settings\zvi schiff\DoctorWeb
2009-06-09 19:12 <DIR> a-dshr-- F:\autorun.inf
2009-06-09 14:53 161,792 a------- f:\windows\SWREG.exe
2009-06-09 14:53 155,136 a------- f:\windows\PEV.exe
2009-06-09 14:53 98,816 a------- f:\windows\sed.exe
2009-06-07 13:26 352 a---h--- f:\windows\nod32fixtemdono.reg
2009-06-07 13:25 <DIR> --d----- f:\program files\ESET

==================== Find3M ====================

2009-06-11 18:42 1,595,355,168 a--sh--- f:\windows\system32\drivers\fidbox.dat
2009-06-11 16:13 18,697,232 a--sh--- f:\windows\system32\drivers\fidbox.idx
2009-06-08 15:29 1,744 a------- f:\windows\system32\d3d9caps.dat
2009-04-21 17:09 4,212 a---h--- f:\windows\system32\zllictbl.dat
2009-03-30 16:56 48,728 a---h--- f:\windows\system32\mlfcache.dat
2008-02-12 16:14 32 a------- f:\docume~1\alluse~1\applic~1\ezsid.dat
2006-11-19 19:24 252 a------- f:\documents and settings\zvi schiff\test.dat
2003-05-07 18:13 131,072 a------- f:\windows\inf\DriverInstaller.exe

============= FINISH: 18:43:53.03 ===============

Attached file: Attach.txt.zip (4.12k)
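As an added example (not part of the original thread, and not BleepingComputer's or the DDS tool's own code), the following Python script pulls the Run/RunServices entries out of a pasted DDS "Pseudo HJT Report" and groups the ones that launch a bare file name, with no drive or directory, by image. That is the pattern the wuam.exe and PDSched.exe lines in the log above show: the same loader registered under several autostart keys, which is consistent with the poster's report that unchecking the entries in msconfig does not keep them gone, because something still running rewrites the keys. The sample lines are copied from this post's log; the "path-less command" heuristic is an assumption of this example (a benign entry can also be path-less) and only tells a reviewer what to look at first.

```python
import re
from collections import defaultdict

# Constructed sample input: startup lines copied from the DDS "Pseudo HJT Report"
# section of the first post, plus the StartupFolder line that follows them.
SAMPLE_LINES = r"""
uRun: [iPlusAgent2] "f:\program files\iriver\iriver plus 2\iAgent2.exe"
uRun: [SpybotSD TeaTimer] f:\program files\spybot - search & destroy\TeaTimer.exe
uRun: [Microsoft Update Time] wuam.exe
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [MSConfig] f:\windows\pchealth\helpctr\binaries\MSCONFIG.EXE /auto
mRun: [Microsoft Update Time] wuam.exe
mRunServices: [Microsoft Update Time] wuam.exe
mRunServices: [Microsoft DirectX] PDSched.exe
StartupFolder: f:\docume~1\zvisch~1\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.4\program\quickstart.exe
"""

# DDS prefixes: uRun = per-user Run key, mRun = machine Run key,
# mRunServices = machine RunServices key. Entry name in brackets, command after.
RUN_LINE = re.compile(r"^(?P<key>[um]Run(?:Services)?):\s*\[(?P<name>[^\]]*)\]\s*(?P<cmd>.*)$")

# A command that starts with a bare file name (no drive, directory or %var%)
# does not record where the binary lives; Windows resolves it via the search path.
# Heuristic assumed by this example, not a rule from the DDS tool.
BARE_IMAGE = re.compile(
    r'^"?(?P<image>[^\\/:"\s]+\.(?:exe|com|scr|bat|cmd|pif))"?(?:\s|$)', re.IGNORECASE
)


def parse_run_entries(text):
    """Return (key, entry_name, command) for every Run/RunServices line in a DDS report."""
    entries = []
    for line in text.splitlines():
        m = RUN_LINE.match(line.strip())
        if m:
            entries.append((m.group("key"), m.group("name"), m.group("cmd").strip()))
    return entries


def triage(text):
    """Group path-less startup commands by image name (lower-cased).

    Returns {image: [(key, entry_name), ...]} so a reviewer sees at once which
    binary is launched and from how many autostart locations it is registered.
    """
    hits = defaultdict(list)
    for key, name, cmd in parse_run_entries(text):
        m = BARE_IMAGE.match(cmd)
        if m:
            hits[m.group("image").lower()].append((key, name))
    return dict(hits)


def format_report(hits):
    """Render the triage result as one line per suspicious image."""
    lines = []
    for image, where in sorted(hits.items()):
        places = "; ".join(f"{key} [{name}]" for key, name in where)
        lines.append(f"{image}: registered in {len(where)} location(s): {places}")
    return "\n".join(lines)


if __name__ == "__main__":
    # On the sample above this lists wuam.exe (3 locations) and pdsched.exe (1).
    print(format_report(triage(SAMPLE_LINES)))
```

Paste a whole DDS report into the script in place of the sample and the fully path-qualified entries (ESET, ZoneAlarm, iTunes and so on) drop out, leaving only the commands that need a closer look; an entry counted under several keys is the one to investigate for a process that keeps re-creating it.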
extremeboy (Malware Disintegrator, HJT Team)
post Jun 20 2009, 05:21 PM
Post #2

Hi

My name is Extremeboy (or EB for short), and I will be helping you with your log.

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine. If you have not done so, include a description of your problem, along with any steps you may have performed so far.

If you do not make a reply in 5 days, we will need to close your topic.

You may want to keep the link to this topic in your favourites. Alternatively, you can click the button at the top bar of this topic and Track this Topic. The topics you are tracking can be found here.

Please take note of some guidelines for this fix:
  • Refrain from making any changes to your computer, including installing/uninstalling programs, deleting files, modifying the registry, and running scanners or tools.
  • If you do not understand any step(s) provided, please do not hesitate to ask before continuing. I would much rather clarify instructions or explain them differently than have something important broken.
  • Even if things appear to be better, it might not mean we are finished. Please continue to follow my instructions and reply back until I give you the "all clean". We do not want to clean you part-way, only to have the system re-infect itself.
  • Please reply using the button in the lower right hand corner of your screen. Do not start a new topic. The logs that you post should be pasted directly into the reply.
  • Old topics are closed after 3 days with no reply, and working topics are closed after 5 days. If for any reason you cannot complete instructions within that time, that's fine, just post back here so that we know you're still here.



If you still require assistance, please post a new set of DDS logs and a description of any remaining problems or symptoms you may still have.

If for any reason you did not post a DDS log, please refer to this page; in step #6 there are instructions on downloading and running DDS. If you have any problems just let me know in your next reply, or simply post a HijackThis log.

Thanks again, and we apologize for the delay.

With Regards,
Extremeboy


--------------------
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to .
zschiff (Member)
post Jun 21 2009, 07:32 AM
Post #3

Still have the same problems.
Here's the log:
Thanks


DDS (Ver_09-05-14.01) - NTFSx86
Run by Zvi Schiff at 15:19:36.65 on 21-Jun-09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.512 [GMT 3:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\iriver\iriver plus 2\iAgent2.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\iPod\bin\iPodService.exe
F:\Documents and Settings\Zvi Schiff\Desktop\anti virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - f:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - f:\program files\agat\agform\AGFormsHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - f:\program files\agat\agform\AGForms.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [iPlusAgent2] "f:\program files\iriver\iriver plus 2\iAgent2.exe"
uRun: [SpybotSD TeaTimer] "f:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Microsoft Update Time] wuam.exe
mRun: [IMONTRAY] "f:\program files\intel\intel® active monitor\imontray.exe"
mRun: [RegKillElbyCheck] "f:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "f:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [ISUSPM] "f:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [OSSelectorReinstall] "f:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [AppleSyncNotifier] "f:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "f:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Microsoft Update Time] wuam.exe
mRunServices: [Microsoft DirectX] PDSched.exe
mRunServices: [Microsoft Update Time] wuam.exe
StartupFolder: f:\docume~1\zvisch~1\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.4\program\quickstart.exe
IE: Add to AMV Convert Tool... - f:\program files\mp3 player utilities 4.00\amvconverter\grab.html
IE: Add to Media Manager... - f:\program files\mp3 player utilities 4.00\mediamanager\grab.html
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120170377109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140612129937
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://192.168.10.253:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5219/mcfscan.cab
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\zvisch~1\applic~1\mozilla\firefox\profiles\mlsjzv2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_27.dll
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: f:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [2005-7-19 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;f:\windows\system32\drivers\klif.sys [2009-3-29 148496]
R1 vsdatant;vsdatant;f:\windows\system32\vsdatant.sys [2004-6-17 353672]
R2 ekrn;Eset Service;f:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 vsmon;TrueVector Internet Monitor;f:\windows\system32\zonelabs\vsmon.exe -service --> f:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [2002-3-10 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [2001-9-26 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [2004-8-25 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [2001-9-26 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [2004-6-15 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [2004-6-15 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [2005-9-7 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\drivers\vq110.sys --> f:\windows\system32\drivers\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [2004-6-16 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [2005-2-3 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [2004-6-16 11100]
S3 Sflodd;Sflodd; [x]

=============== Created Last 30 ================

2009-06-16 14:23 <DIR> --d----- f:\program files\MSSOAP
2009-06-16 14:23 <DIR> --d----- f:\program files\Webroot
2009-06-16 13:10 10 a------- f:\windows\system32\kr_done1
2009-06-11 15:16 <DIR> --d----- f:\docume~1\zvisch~1\applic~1\Malwarebytes
2009-06-11 15:15 40,160 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 15:15 <DIR> --d----- f:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 15:15 19,096 a------- f:\windows\system32\drivers\mbam.sys
2009-06-11 15:15 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-06-10 15:29 <DIR> --d----- f:\documents and settings\zvi schiff\DoctorWeb
2009-06-09 19:12 <DIR> a-dshr-- F:\autorun.inf
2009-06-09 14:53 161,792 a------- f:\windows\SWREG.exe
2009-06-09 14:53 155,136 a------- f:\windows\PEV.exe
2009-06-09 14:53 98,816 a------- f:\windows\sed.exe
2009-06-07 13:26 352 a---h--- f:\windows\nod32fixtemdono.reg
2009-06-07 13:25 <DIR> --d----- f:\program files\ESET

==================== Find3M ====================

2009-06-21 15:19 2,000,803,872 a--sh--- f:\windows\system32\drivers\fidbox.dat
2009-06-21 15:00 23,450,240 a--sh--- f:\windows\system32\drivers\fidbox.idx
2009-06-08 15:29 1,744 a------- f:\windows\system32\d3d9caps.dat
2009-04-21 17:09 4,212 a---h--- f:\windows\system32\zllictbl.dat
2009-03-30 16:56 48,728 a---h--- f:\windows\system32\mlfcache.dat
2008-02-12 16:14 32 a------- f:\docume~1\alluse~1\applic~1\ezsid.dat
2006-11-19 19:24 252 a------- f:\documents and settings\zvi schiff\test.dat
2003-05-07 18:13 131,072 a------- f:\windows\inf\DriverInstaller.exe

============= FINISH: 15:20:45.95 ===============

Attached file: Attach.txt.zip (3.42k)
extremeboy (Malware Disintegrator, HJT Team)
post Jun 22 2009, 04:42 PM
Post #4

Hello.

We'll start off with Combofix.

Download and Run ComboFix

Download Combofix from any of the links below, and save it to your desktop.
Link 1
Link 2
Link 3

Please refer to this page for full instructions on how to run ComboFix.
  • Close/disable all anti-virus and anti-malware programs so they do not interfere with the running of ComboFix. Refer to this page if you are not sure how.
  • Double click ComboFix.exe to start the program. Agree to the prompts.
  • When ComboFix is finished, a log report (C:\ComboFix.txt) will open. Post back with it.
Leave your computer alone while ComboFix is running.

ComboFix will restart your computer if malware is found; allow it to do so.


Note: Please do NOT mouse-click ComboFix's window while it's running, because it may cause it to stall.


zschiff (Member)
post Jun 23 2009, 07:33 AM
Post #5

Combofix did not ask to install recovery console and my attempts to install it manually before the scan were unsuccessful. It also did not request a restart.
Internet seems faster.
Thanks,
Zvi


ComboFix 09-06-22.08 - Zvi Schiff 23-Jun-09 15:08.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.600 [GMT 3:00]
Running from: f:\documents and settings\Zvi Schiff\Desktop\anti virus\ComboFix.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

f:\windows\system32\kr_done1

.
((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-16 11:23 . 2009-06-16 11:23 -------- d-----w- f:\program files\MSSOAP
2009-06-16 11:23 . 2009-06-16 11:23 -------- d-----w- f:\program files\Webroot
2009-06-11 12:16 . 2009-06-11 12:16 -------- d-----w- f:\documents and settings\Zvi Schiff\Application Data\Malwarebytes
2009-06-11 12:15 . 2009-05-26 10:20 40160 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 12:15 . 2009-06-11 12:15 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-11 12:15 . 2009-06-11 12:16 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-06-11 12:15 . 2009-05-26 10:19 19096 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-06-10 12:29 . 2009-06-10 13:11 -------- d-----w- f:\documents and settings\Zvi Schiff\DoctorWeb
2009-06-07 11:20 . 2009-06-07 11:20 -------- d-----w- f:\documents and settings\Zvi Schiff\Local Settings\Application Data\ESET
2009-06-07 10:26 . 2008-01-07 11:29 352 ---ha-w- f:\windows\nod32fixtemdono.reg
2009-06-07 10:25 . 2009-06-07 10:25 -------- d-----w- f:\program files\ESET
2009-06-07 10:25 . 2009-06-07 10:25 -------- d-----w- f:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 12:15 . 2009-03-29 11:30 2003943456 --sha-w- f:\windows\system32\drivers\fidbox.dat
2009-06-23 11:23 . 2005-12-19 13:55 -------- d---a-w- f:\documents and settings\Zvi Schiff\Application Data\OpenOffice.org2
2009-06-22 15:48 . 2009-03-29 11:30 23462168 --sha-w- f:\windows\system32\drivers\fidbox.idx
2009-06-22 13:36 . 2008-06-23 15:43 -------- d-----w- f:\documents and settings\All Users\Application Data\Google Updater
2009-06-16 10:16 . 2008-08-13 13:52 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
2009-06-11 15:30 . 2006-06-27 14:30 -------- d-----w- f:\program files\DVConversionSuite
2009-06-11 13:25 . 2005-12-04 16:25 -------- d-----w- f:\program files\Shareaza
2009-06-08 12:29 . 2006-10-04 16:53 1744 ----a-w- f:\windows\system32\d3d9caps.dat
2009-06-07 12:16 . 2004-06-16 13:14 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-06-07 10:24 . 2004-06-15 16:43 -------- d-----w- f:\program files\Symantec
2009-06-07 10:23 . 2004-06-15 16:43 -------- d-----w- f:\program files\Common Files\Symantec Shared
2009-06-07 10:20 . 2008-01-29 15:48 -------- d-----w- f:\documents and settings\Zvi Schiff\Application Data\U3
2009-06-04 13:48 . 2004-06-16 13:14 -------- d---a-w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-24 12:44 . 2009-04-26 11:05 3385344 ----a-w- f:\windows\Internet Logs\xDB9B.tmp
2009-04-21 14:09 . 2004-06-17 16:43 4212 ---ha-w- f:\windows\system32\zllictbl.dat
2009-04-02 12:02 . 2009-04-02 12:02 152576 ----a-w- f:\documents and settings\Zvi Schiff\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-30 13:56 . 2007-09-11 16:16 48728 ---ha-w- f:\windows\system32\mlfcache.dat
2009-03-26 17:53 . 2009-03-26 17:53 3638 ----a-r- f:\documents and settings\Zvi Schiff\Application Data\Microsoft\Installer\{5393E299-DAED-4F87-99B8-7942091424CC}\_294823.exe
2009-03-26 17:53 . 2009-03-26 17:53 3638 ----a-r- f:\documents and settings\Zvi Schiff\Application Data\Microsoft\Installer\{5393E299-DAED-4F87-99B8-7942091424CC}\_18be6784.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-09_12.04.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 11:21 . 2009-06-23 11:21 16384 f:\windows\Temp\Perflib_Perfdata_6dc.dat
- 2004-06-15 14:45 . 2009-06-04 13:04 32768 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-06-15 14:45 . 2009-06-21 11:48 32768 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-06-15 14:45 . 2009-06-04 13:04 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-06-15 14:45 . 2009-06-21 11:48 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2004-06-15 14:45 . 2009-06-21 11:48 16384 f:\windows\system32\config\systemprofile\Cookies\index.dat
- 2004-06-15 14:45 . 2009-06-04 13:04 16384 f:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-16 11:23 . 2009-06-16 11:23 10134 f:\windows\Installer\{32343DB6-9A52-40C9-87E4-5E7C79791C87}\ARPPRODUCTICON.exe
+ 2007-10-21 16:38 . 2009-04-06 10:26 511328 f:\windows\system32\capicom.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iPlusAgent2"="f:\program files\iriver\iriver plus 2\iAgent2.exe" [2006-04-21 241664]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Microsoft Update Time"="wuam.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMONTRAY"="f:\program files\Intel\Intel® Active Monitor\imontray.exe" [2003-11-03 32768]
"RegKillElbyCheck"="f:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 45056]
"RegKillTray"="f:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-04-13 49152]
"ISUSPM"="f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"OSSelectorReinstall"="f:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ZoneAlarm Client"="f:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Microsoft Update Time"="wuam.exe" [BU]

f:\documents and settings\Zvi Schiff\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - f:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Vousiadavn"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SansaDispatch"=f:\documents and settings\Zvi Schiff\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
"ctfmon.exe"=f:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iHP-100"=f:\program files\iRiver\iHP100\iHPDetect.exe
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="f:\program files\QuickTime Alternative\QTTask.exe" -atboottime
"Microsoft Update Time"=wuam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft DirectX"=PDSched.exe
"Microsoft Update Time"=wuam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\ICQLite\\ICQLite.exe"=
"f:\\Documents and Settings\\Zvi Schiff\\Desktop\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"137:TCP"= 137:TCP:smb
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [19-Jul-05 3:02 PM 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [21-Dec-07 8:21 AM 33800]
R2 ekrn;Eset Service;f:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21-Dec-07 8:21 AM 468224]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [10-Mar-02 6:37 AM 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [26-Sep-01 9:22 PM 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [25-Aug-04 6:58 PM 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [26-Sep-01 9:22 PM 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [15-Jun-04 7:26 PM 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [15-Jun-04 7:27 PM 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [07-Sep-05 4:38 PM 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\DRIVERS\VQ110.sys --> f:\windows\system32\DRIVERS\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [16-Jun-04 7:03 PM 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [03-Feb-05 5:55 PM 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [16-Jun-04 5:42 PM 11100]
S3 Sflodd;Sflodd; [x]
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]

2009-06-23 f:\windows\Tasks\Google Software Updater.job
- f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - f:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - f:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
FF - ProfilePath -

---- FIREFOX POLICIES ----
f:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 15:14
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1708537768-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8b,6a,a7,73,bf,7f,ad,81,18,9a,4b,34,05,e7,f7,90,6c,4e,4b,e8,4f,
f9,b7,48,90,34,eb,8f,1f,01,83,fc,ca,a4,de,9b,b8,d8,22,ee,86,75,8c,65,ff,1f,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8b,6a,a7,73,bf,7f,ad,81,18,9a,4b,34,05,e7,f7,90,6c,4e,4b,e8,4f,
f9,b7,48,90,34,eb,8f,1f,01,83,fc,ca,a4,de,9b,b8,d8,22,ee,86,75,8c,65,ff,1f,\
.
Completion time: 2009-06-23 15:17
ComboFix-quarantined-files.txt 2009-06-23 12:17
ComboFix2.txt 2009-06-09 12:12

Pre-Run: 85,886,595,072 bytes free
Post-Run: 85,856,747,520 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,7
190 --- E O F --- 2009-05-26 14:08
zschiff
post Jun 23 2009, 08:24 AM
Post #6


Member
**

Group: Members
Posts: 24
Joined: 11-June 09
Member No.: 341,012



I was able to install recovery console manually. It ran ComboFix again so I'm sending the new log in case it's useful.
Zvi

ComboFix 09-06-22.08 - Zvi Schiff 23-Jun-09 16:16.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.549 [GMT 3:00]
Running from: f:\documents and settings\Zvi Schiff\Desktop\anti virus\ComboFix.exe
Command switches used :: f:\documents and settings\Zvi Schiff\Desktop\anti virus\WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
AV: ESET NOD32 Antivirus 3.0 *On-access scanning disabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((( Files Created from 2009-05-23 to 2009-06-23 )))))))))))))))))))))))))))))))
.

2009-06-23 12:15 . 2009-06-23 12:15 -------- dc----w- f:\windows\system32\dllcache\cache
2009-06-16 11:23 . 2009-06-16 11:23 -------- d-----w- f:\program files\MSSOAP
2009-06-16 11:23 . 2009-06-16 11:23 -------- d-----w- f:\program files\Webroot
2009-06-11 12:16 . 2009-06-11 12:16 -------- d-----w- f:\documents and settings\Zvi Schiff\Application Data\Malwarebytes
2009-06-11 12:15 . 2009-05-26 10:20 40160 ----a-w- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 12:15 . 2009-06-11 12:15 -------- d-----w- f:\documents and settings\All Users\Application Data\Malwarebytes
2009-06-11 12:15 . 2009-06-11 12:16 -------- d-----w- f:\program files\Malwarebytes' Anti-Malware
2009-06-11 12:15 . 2009-05-26 10:19 19096 ----a-w- f:\windows\system32\drivers\mbam.sys
2009-06-10 12:29 . 2009-06-10 13:11 -------- d-----w- f:\documents and settings\Zvi Schiff\DoctorWeb
2009-06-07 11:20 . 2009-06-07 11:20 -------- d-----w- f:\documents and settings\Zvi Schiff\Local Settings\Application Data\ESET
2009-06-07 10:26 . 2008-01-07 11:29 352 ---ha-w- f:\windows\nod32fixtemdono.reg
2009-06-07 10:25 . 2009-06-07 10:25 -------- d-----w- f:\program files\ESET
2009-06-07 10:25 . 2009-06-07 10:25 -------- d-----w- f:\documents and settings\All Users\Application Data\ESET

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-06-23 13:21 . 2009-03-29 11:30 2006325280 --sha-w- f:\windows\system32\drivers\fidbox.dat
2009-06-23 11:23 . 2005-12-19 13:55 -------- d---a-w- f:\documents and settings\Zvi Schiff\Application Data\OpenOffice.org2
2009-06-22 15:48 . 2009-03-29 11:30 23462168 --sha-w- f:\windows\system32\drivers\fidbox.idx
2009-06-22 13:36 . 2008-06-23 15:43 -------- d-----w- f:\documents and settings\All Users\Application Data\Google Updater
2009-06-16 10:16 . 2008-08-13 13:52 -------- d-----w- f:\documents and settings\All Users\Application Data\Lavasoft
2009-06-11 15:30 . 2006-06-27 14:30 -------- d-----w- f:\program files\DVConversionSuite
2009-06-11 13:25 . 2005-12-04 16:25 -------- d-----w- f:\program files\Shareaza
2009-06-08 12:29 . 2006-10-04 16:53 1744 ----a-w- f:\windows\system32\d3d9caps.dat
2009-06-07 12:16 . 2004-06-16 13:14 -------- d-----w- f:\program files\Spybot - Search & Destroy
2009-06-07 10:24 . 2004-06-15 16:43 -------- d-----w- f:\program files\Symantec
2009-06-07 10:23 . 2004-06-15 16:43 -------- d-----w- f:\program files\Common Files\Symantec Shared
2009-06-07 10:20 . 2008-01-29 15:48 -------- d-----w- f:\documents and settings\Zvi Schiff\Application Data\U3
2009-06-04 13:48 . 2004-06-16 13:14 -------- d---a-w- f:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-04-24 12:44 . 2009-04-26 11:05 3385344 ----a-w- f:\windows\Internet Logs\xDB9B.tmp
2009-04-21 14:09 . 2004-06-17 16:43 4212 ---ha-w- f:\windows\system32\zllictbl.dat
2009-04-02 12:02 . 2009-04-02 12:02 152576 ----a-w- f:\documents and settings\Zvi Schiff\Application Data\Sun\Java\jre1.6.0_13\lzma.dll
2009-03-30 13:56 . 2007-09-11 16:16 48728 ---ha-w- f:\windows\system32\mlfcache.dat
2009-03-26 17:53 . 2009-03-26 17:53 3638 ----a-r- f:\documents and settings\Zvi Schiff\Application Data\Microsoft\Installer\{5393E299-DAED-4F87-99B8-7942091424CC}\_294823.exe
2009-03-26 17:53 . 2009-03-26 17:53 3638 ----a-r- f:\documents and settings\Zvi Schiff\Application Data\Microsoft\Installer\{5393E299-DAED-4F87-99B8-7942091424CC}\_18be6784.exe
.

((((((((((((((((((((((((((((( SnapShot@2009-06-09_12.04.56 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-06-23 11:21 . 2009-06-23 11:21 16384 f:\windows\Temp\Perflib_Perfdata_6dc.dat
+ 2009-06-23 12:15 . 2008-10-16 12:09 51224 f:\windows\system32\dllcache\cache\wuauclt.exe
+ 2009-06-23 12:15 . 2008-04-14 00:12 82432 f:\windows\system32\dllcache\cache\ws2_32.dll
+ 2009-06-23 12:15 . 2008-04-14 00:12 26112 f:\windows\system32\dllcache\cache\userinit.exe
+ 2009-06-23 12:15 . 2008-04-14 00:12 14336 f:\windows\system32\dllcache\cache\svchost.exe
+ 2009-06-23 12:15 . 2008-04-14 00:12 57856 f:\windows\system32\dllcache\cache\spoolsv.exe
+ 2009-06-23 12:15 . 2008-04-14 00:12 17408 f:\windows\system32\dllcache\cache\powrprof.dll
+ 2009-06-23 12:15 . 2008-04-14 00:12 13312 f:\windows\system32\dllcache\cache\lsass.exe
+ 2009-06-23 12:15 . 2008-04-13 18:39 24576 f:\windows\system32\dllcache\cache\kbdclass.sys
+ 2009-06-23 12:15 . 2008-04-13 18:53 36608 f:\windows\system32\dllcache\cache\ip6fw.sys
+ 2009-06-23 12:15 . 2008-04-14 00:12 15360 f:\windows\system32\dllcache\cache\ctfmon.exe
+ 2004-06-15 14:45 . 2009-06-21 11:48 32768 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2004-06-15 14:45 . 2009-06-04 13:04 32768 f:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2004-06-15 14:45 . 2009-06-21 11:48 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-06-15 14:45 . 2009-06-04 13:04 32768 f:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2004-06-15 14:45 . 2009-06-04 13:04 16384 f:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2004-06-15 14:45 . 2009-06-21 11:48 16384 f:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-06-16 11:23 . 2009-06-16 11:23 10134 f:\windows\Installer\{32343DB6-9A52-40C9-87E4-5E7C79791C87}\ARPPRODUCTICON.exe
+ 2009-06-23 12:15 . 2008-04-14 00:12 507904 f:\windows\system32\dllcache\cache\winlogon.exe
+ 2009-06-23 12:15 . 2009-02-20 08:10 666112 f:\windows\system32\dllcache\cache\wininet.dll
+ 2009-06-23 12:15 . 2008-04-14 00:12 578560 f:\windows\system32\dllcache\cache\user32.dll
+ 2009-06-23 12:15 . 2008-04-14 00:12 295424 f:\windows\system32\dllcache\cache\termsrv.dll
+ 2009-06-23 12:15 . 2008-06-20 11:51 361600 f:\windows\system32\dllcache\cache\tcpip.sys
+ 2009-06-23 12:15 . 2009-02-06 11:11 110592 f:\windows\system32\dllcache\cache\services.exe
+ 2009-06-23 12:15 . 2008-04-13 19:20 182656 f:\windows\system32\dllcache\cache\ndis.sys
+ 2009-06-23 12:15 . 2009-03-21 14:06 989696 f:\windows\system32\dllcache\cache\kernel32.dll
+ 2009-06-23 12:15 . 2008-04-14 00:11 110080 f:\windows\system32\dllcache\cache\imm32.dll
+ 2009-06-23 12:15 . 2008-04-14 00:11 167936 f:\windows\system32\dllcache\cache\appmgmts.dll
+ 2007-10-21 16:38 . 2009-04-06 10:26 511328 f:\windows\system32\capicom.dll
+ 2009-06-23 12:15 . 2008-04-14 00:12 1614848 f:\windows\system32\dllcache\cache\sfcfiles.dll
+ 2009-06-23 12:15 . 2009-02-06 11:06 2145280 f:\windows\system32\dllcache\cache\ntoskrnl.exe
+ 2009-06-23 12:15 . 2009-02-06 10:32 2023936 f:\windows\system32\dllcache\cache\ntkrnlpa.exe
+ 2009-06-23 12:15 . 2008-04-14 00:12 1033728 f:\windows\system32\dllcache\cache\explorer.exe
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"iPlusAgent2"="f:\program files\iriver\iriver plus 2\iAgent2.exe" [2006-04-21 241664]
"SpybotSD TeaTimer"="f:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2009-03-05 2260480]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Microsoft Update Time"="wuam.exe" [BU]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IMONTRAY"="f:\program files\Intel\Intel® Active Monitor\imontray.exe" [2003-11-03 32768]
"RegKillElbyCheck"="f:\program files\Elaborate Bytes\DVD Region Killer\ElbyCheck.exe" [2001-12-06 45056]
"RegKillTray"="f:\program files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe" [2002-04-13 49152]
"ISUSPM"="f:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2006-03-20 213936]
"OSSelectorReinstall"="f:\program files\Common Files\Acronis\Acronis Disk Director\oss_reinstall.exe" [2007-02-22 2209224]
"AppleSyncNotifier"="f:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-10-01 111936]
"iTunesHelper"="f:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"ZoneAlarm Client"="f:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-02-15 981384]
"egui"="f:\program files\ESET\ESET NOD32 Antivirus\egui.exe" [2007-12-21 1443072]
"Microsoft Update Time"="wuam.exe" [BU]

f:\documents and settings\Zvi Schiff\Start Menu\Programs\Startup\
OpenOffice.org 2.4.lnk - f:\program files\OpenOffice.org 2.4\program\quickstart.exe [2008-1-21 393216]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0sprestrt

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""

[HKLM\~\startupfolder\F:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=f:\documents and settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=f:\windows\pss\Adobe Reader Speed Launch.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Vousiadavn"=3 (0x3)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"SansaDispatch"=f:\documents and settings\Zvi Schiff\Application Data\SanDisk\Sansa Updater\SansaDispatch.exe
"ctfmon.exe"=f:\windows\system32\ctfmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"iHP-100"=f:\program files\iRiver\iHP100\iHPDetect.exe
"SunJavaUpdateSched"="f:\program files\Java\jre6\bin\jusched.exe"
"QuickTime Task"="f:\program files\QuickTime Alternative\QTTask.exe" -atboottime
"Microsoft Update Time"=wuam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft DirectX"=PDSched.exe
"Microsoft Update Time"=wuam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"f:\\Program Files\\ICQLite\\ICQLite.exe"=
"f:\\Documents and Settings\\Zvi Schiff\\Desktop\\utorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"f:\\Program Files\\Mozilla Firefox\\firefox.exe"=
"f:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"f:\\Program Files\\iTunes\\iTunes.exe"=
"f:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"137:TCP"= 137:TCP:smb
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"1723:TCP"= 1723:TCP:@xpsp2res.dll,-22015
"1701:UDP"= 1701:UDP:@xpsp2res.dll,-22016
"500:UDP"= 500:UDP:@xpsp2res.dll,-22017

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [19-Jul-05 3:02 PM 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [21-Dec-07 8:21 AM 33800]
R2 ekrn;Eset Service;f:\program files\ESET\ESET NOD32 Antivirus\ekrn.exe [21-Dec-07 8:21 AM 468224]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [10-Mar-02 6:37 AM 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [26-Sep-01 9:22 PM 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [25-Aug-04 6:58 PM 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [26-Sep-01 9:22 PM 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [15-Jun-04 7:26 PM 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [15-Jun-04 7:27 PM 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [07-Sep-05 4:38 PM 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\DRIVERS\VQ110.sys --> f:\windows\system32\DRIVERS\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [16-Jun-04 7:03 PM 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [03-Feb-05 5:55 PM 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [16-Jun-04 5:42 PM 11100]
S3 Sflodd;Sflodd; [x]
.
Contents of the 'Scheduled Tasks' folder

2008-11-17 f:\windows\Tasks\AppleSoftwareUpdate.job
- f:\program files\Apple Software Update\SoftwareUpdate.exe [2007-07-25 10:34]

2009-06-23 f:\windows\Tasks\Google Software Updater.job
- f:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-02-04 17:56]
.
.
------- Supplementary Scan -------
.
uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: Add to AMV Convert Tool... - f:\program files\MP3 Player Utilities 4.00\AMVConverter\grab.html
IE: Add to Media Manager... - f:\program files\MP3 Player Utilities 4.00\MediaManager\grab.html
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
FF - ProfilePath -

---- FIREFOX POLICIES ----
f:\program files\Mozilla Firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-06-23 16:20
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-1229272821-1708537768-725345543-1003\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{BEB3C0C7-B648-4257-96D9-B5D024816E27}\Version*Version]
"Version"=hex:8b,6a,a7,73,bf,7f,ad,81,18,9a,4b,34,05,e7,f7,90,6c,4e,4b,e8,4f,
f9,b7,48,90,34,eb,8f,1f,01,83,fc,ca,a4,de,9b,b8,d8,22,ee,86,75,8c,65,ff,1f,\

[HKEY_LOCAL_MACHINE\software\Minnetonka Audio Software\SurCode Dolby Digital Premiere\Version*Version]
"Version"=hex:8b,6a,a7,73,bf,7f,ad,81,18,9a,4b,34,05,e7,f7,90,6c,4e,4b,e8,4f,
f9,b7,48,90,34,eb,8f,1f,01,83,fc,ca,a4,de,9b,b8,d8,22,ee,86,75,8c,65,ff,1f,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2424)
f:\program files\iTunes\iTunesMiniPlayer.dll
f:\program files\iTunes\iTunesMiniPlayer.Resources\en.lproj\iTunesMiniPlayerLocalized.dll
f:\program files\iTunes\iTunesMiniPlayer.Resources\iTunesMiniPlayer.dll
f:\windows\system32\WPDShServiceObj.dll
f:\windows\system32\PortableDeviceTypes.dll
f:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-06-23 16:24
ComboFix-quarantined-files.txt 2009-06-23 13:24
ComboFix2.txt 2009-06-23 12:17
ComboFix3.txt 2009-06-09 12:12

Pre-Run: 85,823,242,240 bytes free
Post-Run: 85,793,869,824 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
f:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /fastdetect /noexecute=optin

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,7
228 --- E O F --- 2009-05-26 14:08
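As an added example (not part of this thread, and not ComboFix's or BleepingComputer's own tooling), here is a small Python triage script that reads the "Reg Loading Points" section in the format ComboFix prints above and flags the two things a log reader looks at first: autostart commands with no absolute path (the wuam.exe and PDSched.exe entries) and Security Center / firewall values that switch the built-in protections off. The embedded sample is constructed from shortened lines of the log above.

```python
"""Triage helper for the 'Reg Loading Points' section of a ComboFix log.

Added example, not part of the original thread or of ComboFix itself.
It parses the REGEDIT4-style listing exactly as ComboFix prints it and
reports (a) autostart values whose command is a bare file name instead
of an absolute path and (b) Security Center / Windows Firewall values
set so that alerts or the firewall are turned off.
"""
import re

# Constructed sample, shaped like (and shortened from) the log in the thread.
SAMPLE_LOG = r"""
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="f:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"Microsoft Update Time"="wuam.exe" [BU]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runservices-]
"Microsoft DirectX"=PDSched.exe
"Microsoft Update Time"=wuam.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
"FirewallOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
"""

KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"\s*=\s*(?P<data>.*)$')
# A command that starts with a drive letter or an %ENV% root is an absolute path.
ABS_PATH_RE = re.compile(r'^"?(?:[a-zA-Z]:\\|%[^%]+%\\)')

# (substring of the key, value name, decimal value, why it matters)
PROTECTION_FLAGS = [
    ("security center", "antivirusoverride", "1", "Security Center antivirus alerts suppressed"),
    ("security center", "firewalloverride", "1", "Security Center firewall alerts suppressed"),
    ("security center\\monitoring", "disablemonitoring", "1", "Security Center monitoring of a product disabled"),
    ("firewallpolicy\\standardprofile", "enablefirewall", "0", "Windows Firewall disabled"),
]


def parse_reg_points(text):
    """Yield (key, value_name, data) triples from the ComboFix registry listing."""
    key = None
    for raw in text.splitlines():
        line = raw.strip()
        m = KEY_RE.match(line)
        if m:
            key = m.group(1)
            continue
        m = VALUE_RE.match(line)
        if m and key:
            yield key, m.group("name"), m.group("data").strip()


def normalise_number(data):
    """Turn ComboFix's 'dword:00000001' or '0 (0x0)' into a decimal string."""
    m = re.match(r"dword:([0-9a-fA-F]+)", data)
    if m:
        return str(int(m.group(1), 16))
    m = re.match(r"(\d+)\s*\(0x", data)
    if m:
        return m.group(1)
    return data


def is_autostart_key(key):
    """True for Run, RunOnce, RunServices and their '-' (disabled) variants."""
    tail = key.lower().rsplit("\\", 1)[-1]
    return tail.rstrip("-").startswith("run")


def triage(text):
    """Return a list of (key, value_name, reason) findings worth a closer look."""
    findings = []
    for key, name, data in parse_reg_points(text):
        if is_autostart_key(key) and not ABS_PATH_RE.match(data):
            # A bare file name is resolved through the PATH at logon; legitimate
            # autostart entries from installers are written with a full path.
            findings.append((key, name, "autostart command without an absolute path: " + data))
        for key_part, vname, value, reason in PROTECTION_FLAGS:
            if key_part in key.lower() and name.lower() == vname \
                    and normalise_number(data) == value:
                findings.append((key, name, reason))
    return findings


if __name__ == "__main__":
    for key, name, reason in triage(SAMPLE_LOG):
        print(f"[{key}]\n    {name!r}: {reason}")
```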
extremeboy
post Jun 24 2009, 09:26 AM
Post #7


Malware Disintegrator
******

Group: HJT Team
Posts: 10,197
Joined: 21-March 08
Member No.: 197,892



Hello.

Please continue with the following.

Download and Run OTM

  1. Please download OTM by OldTimer and save it to your desktop.
  2. Double click the icon on your desktop. If you are running on Vista, right click on the file and choose Run As Administrator.
  3. Paste the following code under the Paste Fix Here area. Do not include the word "Code".
    CODE
    :services
    Sflodd
    :reg
    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Update Time"=-
    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
    "Microsoft Update Time"=-
    :commands
    [EmptyTemp]
    [Reboot]
  4. Click the large MoveIt button.
  5. If OTM requires a reboot, please allow it to do so.
  6. Copy/Paste the contents under the Results line here in your next reply.
Note: If you are unable to copy/paste from this window (as will be the case if the machine was rebooted), open Notepad (Start->All Programs->Accessories->Notepad), click File->Open, in the File Name box enter *.log and press the Enter key, navigate to the C:\_OTMoveIt\MovedFiles folder, and open the newest .log file present, and copy/paste the contents of that document back here in your next post.

Download and run MalwareBytes Anti-Malware

Please download Malwarebytes Anti-Malware and save it to your desktop.
alternate download link 1
  • Make sure you are connected to the Internet.
  • Double-click on Download_mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Quick Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad and you may be prompted to restart your computer. (see Note below)
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately. Failure to reboot will prevent MBAM from removing all the malware.

For complete or visual instructions on installing and running Malwarebytes Anti-Malware please read this link

Download and Run Scan with GMER

We will use GMER to scan for rootkits.
  • Please download GMER from one of the following locations, and save it to your desktop: This version will download a zip file you will need to extract first. If you use this mirror, please extract the zip file to your desktop. Unzip/extract the file to its own folder. (Click here for information on how to do this if not sure. Win 2000 users click here.)
  • Close any and all open programs, as this process may crash your computer.
  • Double click or on your desktop.
  • When you have done this, close all running programs.
    There is a small chance this application may crash your computer so save any work you have open.
  • Double-click on Gmer.exe to start the program. Right-click and select Run As Administrator... if you are using Vista
  • Allow the gmer.sys driver to load if asked.
    If it detects rootkit activity, you will receive a prompt (refer below) to run a full scan. Click NO.
  • In the right panel, you will see several boxes that have been checked. Please UNCHECK the following:
    • Sections
    • IAT/EAT
    • Registry
    • Drives/Partition other than Systemdrive (typically C:\)
    • Show all (Don't miss this one!)
  • Click on and wait for the scan to finish.
  • If you see a rootkit warning window, click OK.
  • Push and save the logfile to your desktop.
  • Copy and Paste the contents of that file in your next post.

If GMER doesn't work in Normal Mode try running it in Safe Mode

Note: Do Not run any program while GMER is running
*Note*: Rootkit scans often produce false positives. Do NOT take any actions on "<--- ROOKIT" entries

Take a new DDS run afterwards and post back with the logs.

~Extremeboy


--------------------
Note: Please do not PM me asking for help, instead please post it in the correct forum requesting for help. Help requests via the PM system will be ignored.

If I'm helping you and I don't reply within 48 hours please feel free to send me a PM.

The help you receive here is always free but if you wish to show your appreciation, you may wish to .
zschiff
post Jun 25 2009, 10:57 AM
Post #8


Member
**

Group: Members
Posts: 24
Joined: 11-June 09
Member No.: 341,012



Done.
here are the logs.
If you have the time I would appreciate some explanation of what I had and where it came from. I think I was infected from a disk on key but don't really know.
Thanks for your time and efforts.
Zvi



This post has been edited by zschiff: Jun 25 2009, 10:59 AM
zschiff
post Jun 25 2009, 11:00 AM
Post #9


Member
**

Group: Members
Posts: 24
Joined: 11-June 09
Member No.: 341,012



Malwarebytes' Anti-Malware 1.38
Database version: 2283
Windows 5.1.2600 Service Pack 3

25-Jun-09 5:01:21 PM
mbam-log-2009-06-25 (17-01-21).txt

Scan type: Quick Scan
Objects scanned: 84623
Time elapsed: 4 minute(s), 19 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 4
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Time (Backdoor.Sdbot) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\Microsoft Update Time (Backdoor.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft Update Time (Backdoor.Sdbot) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunServices\Microsoft DirectX (Backdoor.Sdbot) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


This post has been edited by zschiff: Jun 25 2009, 11:01 AM
zschiff
post Jun 25 2009, 11:04 AM
Post #10


Member
**

Group: Members
Posts: 24
Joined: 11-June 09
Member No.: 341,012



GMER 1.0.15.14972 - http://www.gmer.net
Rootkit scan 2009-06-25 18:49:12
Windows 5.1.2600 Service Pack 3


---- System - GMER 1.0.15 ----

SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwConnectPort [0xF375AFC0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateFile [0xF3757C80]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateKey [0xF3772170]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreatePort [0xF375B580]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcess [0xF376F900]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateProcessEx [0xF376FB10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateSection [0xF3773B10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwCreateWaitablePort [0xF375B670]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteFile [0xF3758210]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteKey [0xF37729F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDeleteValueKey [0xF37727A0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwDuplicateObject [0xF376F280]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey [0xF3772F10]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwLoadKey2 [0xF3772F90]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenFile [0xF3758070]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenProcess [0xF3771180]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwOpenThread [0xF3770F40]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRenameKey [0xF37736F0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwReplaceKey [0xF3773150]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRequestWaitReplyPort [0xF375ABE0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwRestoreKey [0xF3773540]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSecureConnectPort [0xF375B190]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetInformationFile [0xF3758440]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSetValueKey [0xF37724E0]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwSystemDebugControl [0xF3770200]
SSDT \SystemRoot\System32\vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD) ZwTerminateProcess [0xF3770080]

---- Devices - GMER 1.0.15 ----

AttachedDevice \FileSystem\Ntfs \Ntfs eamon.sys (Amon monitor/ESET)

Device \Driver\Tcpip \Device\Ip vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\Tcp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \Driver\Tcpip \Device\Tcp epfwtdir.sys

Device \Driver\Tcpip \Device\Udp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\RawIp vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)
Device \Driver\Tcpip \Device\IPMULTICAST vsdatant.sys (TrueVector Device Driver/Check Point Software Technologies LTD)

AttachedDevice \FileSystem\Fastfat \Fat fltmgr.sys (Microsoft Filesystem Filter Manager/Microsoft Corporation)
AttachedDevice \FileSystem\Fastfat \Fat eamon.sys (Amon monitor/ESET)

---- EOF - GMER 1.0.15 ----
zschiff
post Jun 25 2009, 11:08 AM
Post #11


Member
**

Group: Members
Posts: 24
Joined: 11-June 09
Member No.: 341,012



All processes killed
========== SERVICES/DRIVERS ==========

Service\Driver Sflodd deleted successfully.
========== REGISTRY ==========
Registry value HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Update Time deleted successfully.
Registry value HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\\Microsoft Update Time deleted successfully.
========== COMMANDS ==========

[EMPTYTEMP]

User: All Users

User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes

User: LocalService
->Temp folder emptied: 0 bytes
File delete failed. F:\Documents and Settings\LocalService\Local Settings\Temporary Internet Files\Content.IE5\index.dat scheduled to be deleted on reboot.
->Temporary Internet Files folder emptied: 213126 bytes

User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes

User: Zvi Schiff
File delete failed. F:\Documents and Settings\Zvi Schiff\Local Settings\Temp\~DFDEB9.tmp scheduled to be deleted on reboot.
->Temp folder emptied: 196608 bytes
->Temporary Internet Files folder emptied: 32902 bytes
->Java cache emptied: 7650691 bytes
->FireFox cache emptied: 54463515 bytes
->Apple Safari cache emptied: 1919841 bytes

%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 3334748 bytes
%systemroot%\System32 .tmp files removed: 3925009 bytes
File delete failed. F:\WINDOWS\temp\ZLT04a7d.TMP scheduled to be deleted on reboot.
Windows Temp folder emptied: 739 bytes

RecycleBin emptied: 0 bytes

Total Files Cleaned = 68.45 mb


OTM by OldTimer - Version 3.0.0.2 log created on 06252009_153224

Files moved on Reboot...
F:\Documents and Settings\Zvi Schiff\Local Settings\Temp\~DFDEB9.tmp moved successfully.
File F:\WINDOWS\temp\ZLT04a7d.TMP not found!

Registry entries deleted on Reboot...



DDS (Ver_09-05-14.01) - NTFSx86
Run by Zvi Schiff at 18:50:32.34 on 25-Jun-09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.548 [GMT 3:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\WINDOWS\system32\ctfmon.exe
F:\Program Files\iPod\bin\iPodService.exe
F:\Documents and Settings\Zvi Schiff\Desktop\anti virus\thurs\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - f:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - f:\program files\agat\agform\AGFormsHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - f:\program files\agat\agform\AGForms.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [iPlusAgent2] "f:\program files\iriver\iriver plus 2\iAgent2.exe"
uRun: [SpybotSD TeaTimer] "f:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
mRun: [IMONTRAY] "f:\program files\intel\intel® active monitor\imontray.exe"
mRun: [RegKillElbyCheck] "f:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "f:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [ISUSPM] "f:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [OSSelectorReinstall] "f:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [AppleSyncNotifier] "f:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "f:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRunOnce: [Malwarebytes' Anti-Malware] f:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
StartupFolder: f:\docume~1\zvisch~1\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.4\program\quickstart.exe
IE: Add to AMV Convert Tool... - f:\program files\mp3 player utilities 4.00\amvconverter\grab.html
IE: Add to Media Manager... - f:\program files\mp3 player utilities 4.00\mediamanager\grab.html
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120170377109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140612129937
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://192.168.10.253:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5219/mcfscan.cab
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\zvisch~1\applic~1\mozilla\firefox\profiles\mlsjzv2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_27.dll
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: f:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [2005-7-19 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;f:\windows\system32\drivers\klif.sys [2009-3-29 148496]
R1 vsdatant;vsdatant;f:\windows\system32\vsdatant.sys [2004-6-17 353672]
R2 ekrn;Eset Service;f:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 vsmon;TrueVector Internet Monitor;f:\windows\system32\zonelabs\vsmon.exe -service --> f:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [2002-3-10 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [2001-9-26 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [2004-8-25 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [2001-9-26 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [2004-6-15 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [2004-6-15 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [2005-9-7 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\drivers\vq110.sys --> f:\windows\system32\drivers\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [2004-6-16 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [2005-2-3 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [2004-6-16 11100]

=============== Created Last 30 ================

2009-06-25 15:32 <DIR> --d----- F:\_OTM
2009-06-23 16:15 <DIR> a-dshr-- F:\cmdcons
2009-06-23 15:15 <DIR> -cd----- f:\windows\system32\dllcache\cache
2009-06-16 14:23 <DIR> --d----- f:\program files\MSSOAP
2009-06-16 14:23 <DIR> --d----- f:\program files\Webroot
2009-06-11 15:16 <DIR> --d----- f:\docume~1\zvisch~1\applic~1\Malwarebytes
2009-06-11 15:15 38,160 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 15:15 <DIR> --d----- f:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 15:15 19,096 a------- f:\windows\system32\drivers\mbam.sys
2009-06-11 15:15 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-06-10 15:29 <DIR> --d----- f:\documents and settings\zvi schiff\DoctorWeb
2009-06-09 19:12 <DIR> a-dshr-- F:\autorun.inf
2009-06-09 14:53 161,792 a------- f:\windows\SWREG.exe
2009-06-09 14:53 155,136 a------- f:\windows\PEV.exe
2009-06-09 14:53 98,816 a------- f:\windows\sed.exe
2009-06-07 13:26 352 a---h--- f:\windows\nod32fixtemdono.reg
2009-06-07 13:25 <DIR> --d----- f:\program files\ESET

==================== Find3M ====================

2009-06-25 18:50 2,008,100,896 a--sh--- f:\windows\system32\drivers\fidbox.dat
2009-06-25 15:33 23,528,768 a--sh--- f:\windows\system32\drivers\fidbox.idx
2009-06-08 15:29 1,744 a------- f:\windows\system32\d3d9caps.dat
2009-04-21 17:09 4,212 a---h--- f:\windows\system32\zllictbl.dat
2009-03-30 16:56 48,728 a---h--- f:\windows\system32\mlfcache.dat
2008-02-12 16:14 32 a------- f:\docume~1\alluse~1\applic~1\ezsid.dat
2006-11-19 19:24 252 a------- f:\documents and settings\zvi schiff\test.dat
2003-05-07 18:13 131,072 a------- f:\windows\inf\DriverInstaller.exe

============= FINISH: 18:51:19.93 ===============
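The DDS "Pseudo HJT Report" above is the kind of autorun listing a responder triages by hand: which Run-type entries point at a full, quoted path to a known product, and which do not. The later DDS log in this thread shows "Microsoft Update Time" (wuam.exe) and "Microsoft DirectX" (PDSched.exe) back in Run and RunServices after MBAM had quarantined them, which is why the autorun list is worth re-checking after every pass rather than trusting a single removal. The script below is an added example and is not code from this thread, from DDS or from OTM: it parses constructed sample lines modelled on this thread's DDS output, flags entries using the three heuristics a responder applies here (bare executable name resolved via PATH, the legacy RunServices key, and a Microsoft-sounding value name backed by a file outside the Windows directory), and renders the flagged entries in the OTM ":reg" delete-value syntax used in the fix earlier in this thread. The mapping of the DDS prefixes `u`/`m` to HKEY_CURRENT_USER/HKEY_LOCAL_MACHINE is the usual DDS convention and is assumed here.

```python
import re

# Constructed sample input: DDS "Pseudo HJT Report" lines modelled on the ones
# this thread's second DDS log shows (the Sdbot autoruns next to legitimate
# entries). Added example, not code from the page, from DDS or from OTM.
SAMPLE_DDS_LINES = r"""
uRun: [SpybotSD TeaTimer] "f:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Microsoft Update Time] wuam.exe
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Microsoft Update Time] wuam.exe
mRunServices: [Microsoft DirectX] PDSched.exe
mRunServices: [Microsoft Update Time] wuam.exe
mRunOnce: [Malwarebytes' Anti-Malware] f:\program files\malwarebytes' anti-malware\mbamgui.exe /install /silent
"""

# DDS prefixes (assumed convention): 'u' = user hive (HKCU), 'm' = machine hive (HKLM).
HIVES = {"u": "HKEY_CURRENT_USER", "m": "HKEY_LOCAL_MACHINE"}
LINE_RE = re.compile(
    r"^(?P<hive>[um])(?P<key>RunServicesOnce|RunServices|RunOnce|Run): "
    r"\[(?P<name>[^\]]+)\] (?P<cmd>.*)$"
)

def parse_autoruns(text):
    """Yield (hive, key, value_name, command) for each Run-type DDS line."""
    for line in text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            yield HIVES[m["hive"]], m["key"], m["name"], m["cmd"]

def executable_of(cmd):
    """First token of the command: the quoted path if quoted, else the first bare word."""
    cmd = cmd.strip()
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    return cmd.split(" ", 1)[0]

def suspicious_reasons(key, name, cmd):
    """Responder heuristics; an empty list means nothing was flagged."""
    reasons = []
    exe = executable_of(cmd)
    # A bare file name is resolved through the PATH at logon; installers of
    # legitimate software register the full path to their executable.
    if "\\" not in exe and "%" not in exe:
        reasons.append("bare executable name, no path")
    # RunServices is a Windows 9x-era key that current software does not use;
    # malware still writes it to gain an extra autorun slot.
    if key.startswith("RunServices"):
        reasons.append("legacy RunServices key")
    # A Microsoft-branded value name backed by a file outside the Windows
    # directory is a classic impersonation pattern.
    if "microsoft" in name.lower() and "\\windows\\" not in exe.lower():
        reasons.append("Microsoft-branded name, file not under Windows")
    return reasons

def triage(text):
    """Return [(hive, key, name, cmd, reasons)] for the flagged entries only."""
    flagged = []
    for hive, key, name, cmd in parse_autoruns(text):
        reasons = suspicious_reasons(key, name, cmd)
        if reasons:
            flagged.append((hive, key, name, cmd, reasons))
    return flagged

def otm_reg_fix(flagged):
    """Render flagged entries as an OTM ':reg' section, one block per key,
    using the '"name"=-' delete-value syntax seen in this thread's fix."""
    by_key = {}  # insertion-ordered: first key seen comes first
    for hive, key, name, _cmd, _reasons in flagged:
        path = hive + r"\SOFTWARE\Microsoft\Windows\CurrentVersion" + "\\" + key
        by_key.setdefault(path, []).append(name)
    lines = [":reg"]
    for path, names in by_key.items():
        lines.append("[" + path + "]")
        lines.extend('"' + n + '"=-' for n in names)
    return "\n".join(lines)

if __name__ == "__main__":
    hits = triage(SAMPLE_DDS_LINES)
    for hive, key, name, cmd, reasons in hits:
        print(f"{hive}\\...\\{key} [{name}] {cmd}  <- {', '.join(reasons)}")
    print()
    print(otm_reg_fix(hits))
```

On the sample input the four flagged entries are exactly the four registry values MBAM reported as Backdoor.Sdbot in this thread, and the generated ":reg" section lists the same two Run values as the OTM fix plus the two RunServices values. The heuristics are deliberately conservative: a quoted full path under Program Files is never flagged on its own, so a listing this size yields a short review list rather than noise.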
extremeboy
post Jun 25 2009, 04:40 PM
Post #12


Malware Disintegrator
******

Group: HJT Team
Posts: 10,197
Joined: 21-March 08
Member No.: 197,892



Hello.

You had a backdoor. Appears to be only leftovers, but you still should know about this infection.

Let me know.

Backdoor Threat

IMPORTANT NOTE: Unfortunately, one or more of the identified infections is a backdoor trojan.

This allows hackers to remotely control your computer, steal critical system information and download and execute files.

I would counsel you to disconnect this PC from the Internet immediately. If you do any banking or other financial transactions on the PC or if it should contain any other sensitive information, please get to a known clean computer and change all passwords where applicable, and it would be wise to contact those same financial institutions to apprise them of your situation.

Though the trojan has been identified and can be killed, because of its backdoor functionality, your PC is very likely compromised and there is no way to be sure your computer can ever again be trusted. Many experts in the security community believe that once infected with this type of trojan, the best course of action would be a reformat and reinstall of the OS. Please read these for more information:

How Do I Handle Possible Identify Theft, Internet Fraud and CC Fraud?
When Should I Format, How Should I Reinstall

We can still clean this machine but I can't guarantee that it will be 100% secure afterwards. Let me know what you decide to do.

With Regards,
Extremeboy


zschiff
post Jun 29 2009, 10:51 AM
Post #13


Member
**

Group: Members
Posts: 24
Joined: 11-June 09
Member No.: 341,012



I would like to continue with the cleaning.
Any idea how I got it?

This post has been edited by zschiff: Jun 29 2009, 10:53 AM
extremeboy
post Jun 29 2009, 12:44 PM
Post #14


Malware Disintegrator
******

Group: HJT Team
Posts: 10,197
Joined: 21-March 08
Member No.: 197,892



Hello.

Please post a new DDS log then.

Thanks

With Regards,
Extremeboy


zschiff
post Jun 30 2009, 09:16 AM
Post #15


Member
**

Group: Members
Posts: 24
Joined: 11-June 09
Member No.: 341,012




DDS (Ver_09-05-14.01) - NTFSx86
Run by Zvi Schiff at 15:19:44.51 on 30-Jun-09
Internet Explorer: 6.0.2900.5512 BrowserJavaVersion: 1.6.0_13
Microsoft Windows XP Professional 5.1.2600.3.1255.972.1033.18.1023.505 [GMT 3:00]

AV: ESET NOD32 Antivirus 3.0 *On-access scanning enabled* (Updated) {E5E70D32-0101-4F12-8FB0-D96ACA4F34C0}
FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

============== Running Processes ===============

F:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
F:\WINDOWS\System32\svchost.exe -k netsvcs
F:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
F:\WINDOWS\system32\spoolsv.exe
svchost.exe
F:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
F:\Program Files\Bonjour\mDNSResponder.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\ekrn.exe
F:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
F:\Program Files\Java\jre6\bin\jqs.exe
F:\WINDOWS\system32\svchost.exe -k imgsvc
F:\WINDOWS\system32\ZoneLabs\vsmon.exe
F:\WINDOWS\Explorer.EXE
F:\Program Files\Elaborate Bytes\DVD Region Killer\RegKillTray.exe
F:\Program Files\Common Files\InstallShield\UpdateService\ISUSPM.exe
F:\Program Files\iTunes\iTunesHelper.exe
F:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
F:\Program Files\ESET\ESET NOD32 Antivirus\egui.exe
F:\Program Files\iriver\iriver plus 2\iAgent2.exe
F:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
F:\WINDOWS\system32\ctfmon.exe
F:\WINDOWS\System32\svchost.exe -k HTTPFilter
F:\Program Files\OpenOffice.org 2.4\program\soffice.exe
F:\Program Files\OpenOffice.org 2.4\program\soffice.BIN
F:\Program Files\iPod\bin\iPodService.exe
F:\Documents and Settings\Zvi Schiff\Desktop\anti virus\dds.scr

============== Pseudo HJT Report ===============

uStart Page = about:blank
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uDefault_Search_URL = hxxp://www.google.com/ie
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
BHO: Adobe PDF Reader Link Helper: {06849e9f-c8d7-4d59-b87d-784b7d6be0b3} - f:\program files\adobe\acrobat 7.0\activex\AcroIEHelper.dll
BHO: Spybot-S&D IE Protection: {53707962-6f74-2d53-2644-206d7942484f} - f:\progra~1\spybot~1\SDHelper.dll
BHO: {54B02808-B60E-44CD-A72D-9865117E4E62} - No File
BHO: WsftpBrowserHelper Class: {601ed020-fb6c-11d3-87d8-0050da59922b} - f:\program files\ws_ftp pro\wsbho2k0.dll
BHO: AGFormHelperObj Class: {6620e618-1ab9-4eb2-aca4-cbbe9066dbe6} - f:\program files\agat\agform\AGFormsHelper.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - f:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - f:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - f:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: AGForms: {ed2e7de7-07db-4941-a06d-f780b93ba730} - f:\program files\agat\agform\AGForms.dll
EB: {4528BBE0-4E08-11D5-AD55-00010333D0AD} - No File
EB: {32683183-48a0-441b-a342-7c2a440a9478} - No File
uRun: [iPlusAgent2] "f:\program files\iriver\iriver plus 2\iAgent2.exe"
uRun: [SpybotSD TeaTimer] "f:\program files\spybot - search & destroy\TeaTimer.exe"
uRun: [ctfmon.exe] f:\windows\system32\ctfmon.exe
uRun: [Microsoft Update Time] wuam.exe
mRun: [IMONTRAY] "f:\program files\intel\intel® active monitor\imontray.exe"
mRun: [RegKillElbyCheck] "f:\program files\elaborate bytes\dvd region killer\ElbyCheck.exe" /L RegKill
mRun: [RegKillTray] "f:\program files\elaborate bytes\dvd region killer\RegKillTray.exe"
mRun: [ISUSPM] "f:\program files\common files\installshield\updateservice\ISUSPM.exe" -scheduler
mRun: [OSSelectorReinstall] "f:\program files\common files\acronis\acronis disk director\oss_reinstall.exe"
mRun: [AppleSyncNotifier] "f:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe"
mRun: [iTunesHelper] "f:\program files\itunes\iTunesHelper.exe"
mRun: [ZoneAlarm Client] "f:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [egui] "f:\program files\eset\eset nod32 antivirus\egui.exe" /hide /waitservice
mRun: [Microsoft Update Time] wuam.exe
mRunServices: [Microsoft DirectX] PDSched.exe
mRunServices: [Microsoft Update Time] wuam.exe
StartupFolder: f:\docume~1\zvisch~1\startm~1\programs\startup\openof~1.lnk - f:\program files\openoffice.org 2.4\program\quickstart.exe
IE: Add to AMV Convert Tool... - f:\program files\mp3 player utilities 4.00\amvconverter\grab.html
IE: Add to Media Manager... - f:\program files\mp3 player utilities 4.00\mediamanager\grab.html
IE: {B863453A-26C3-4e1f-A54D-A2CD196348E9} - f:\program files\icqlite\ICQLite.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - f:\program files\messenger\msmsgs.exe
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - f:\progra~1\micros~2\office11\REFIEBAR.DLL
IE: {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - {53707962-6F74-2D53-2644-206D7942484F} - f:\progra~1\spybot~1\SDHelper.dll
DPF: {31435657-9980-0010-8000-00AA00389B71} - hxxp://download.microsoft.com/download/e/2/f/e2fcec4b-6c8b-48b7-adab-ab9c403a978f/wvc1dmo.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1120170377109
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1140612129937
DPF: {87BE3784-6977-4E84-AA08-55A96B9CEAC5} - hxxp://192.168.10.253:50000/bl_camera.cab
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} - hxxp://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
DPF: {CAFEEFAC-0015-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.5.0/jinstall-1_5_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0001-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_01-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0002-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_02-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0003-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_03-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0004-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_04-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0005-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_05-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_13-windows-i586.cab
DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} - hxxp://fpdownload.macromedia.com/pub/shockwave/cabs/flash/swflash.cab
DPF: {EF791A6B-FC12-4C68-99EF-FB9E207A39E6} - hxxp://download.mcafee.com/molbin/iss-loc/mcfscan/2,2,0,5219/mcfscan.cab
TCP: {79F5B094-2307-4D8F-8CBA-6CA6F12997D2} = 192.116.202.222,192.115.106.10
Handler: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - f:\progra~1\common~1\skype\SKYPE4~1.DLL
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - f:\windows\system32\WPDShServiceObj.dll

================= FIREFOX ===================

FF - ProfilePath - f:\docume~1\zvisch~1\applic~1\mozilla\firefox\profiles\mlsjzv2i.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{22119944-ed35-4ab1-910b-e619ea06a115}\components\rfproxy_27.dll
FF - component: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\{a7c6cf7f-112c-4500-a7ea-39801a327e5f}\platform\winnt_x86-msvc\components\ipc.dll
FF - plugin: f:\documents and settings\zvi schiff\application data\mozilla\firefox\profiles\mlsjzv2i.default\extensions\logmeinclient@logmein.com\plugins\npRACtrl.dll
FF - plugin: f:\program files\google\google updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: f:\program files\mozilla firefox\plugins\npViewpoint.dll
FF - plugin: f:\program files\mozilla firefox\plugins\NPZoneSB.dll
FF - plugin: f:\program files\picasa2\npPicasa2.dll

---- FIREFOX POLICIES ----
f:\program files\mozilla firefox\defaults\pref\activex.js - pref("capability.policy.default.ClassID.CIDFE0BD779-44EE-4A4B-AA2E-743C63F2E5E6", "AllAccess");

============= SERVICES / DRIVERS ===============

R0 IFP900;iriver Internet Audio Player IFP-900;f:\windows\system32\drivers\Ifp900.sys [2005-7-19 14531]
R1 epfwtdir;epfwtdir;f:\windows\system32\drivers\epfwtdir.sys [2007-12-21 33800]
R1 KLIF;KLIF;f:\windows\system32\drivers\klif.sys [2009-3-29 148496]
R1 vsdatant;vsdatant;f:\windows\system32\vsdatant.sys [2004-6-17 353672]
R2 ekrn;Eset Service;f:\program files\eset\eset nod32 antivirus\ekrn.exe [2007-12-21 468224]
R2 vsmon;TrueVector Internet Monitor;f:\windows\system32\zonelabs\vsmon.exe -service --> f:\windows\system32\zonelabs\vsmon.exe -service [?]
R3 RegKill;RegKill;f:\windows\system32\drivers\RegKill.sys [2002-3-10 6144]
S2 AtiBt829;ATI WDM Bt829 Video;f:\windows\system32\drivers\atinbtxx.sys [2001-9-26 60464]
S2 BEATUSB;BEATUSB.sys Eratech USB driver;f:\windows\system32\drivers\beatusb.sys [2004-8-25 10988]
S2 TTDec;ATI WDM Teletext Decoder;f:\windows\system32\drivers\atinttxx.sys [2001-9-26 20960]
S3 ati2mpaa;ati2mpaa;f:\windows\system32\drivers\ati2mpaa.sys [2004-6-15 281856]
S3 ATIVXSXX;ATI Audio Crossbar (ATIVXBAR);f:\windows\system32\drivers\ativxbar.sys [2004-6-15 26624]
S3 cirrus;cirrus;f:\windows\system32\drivers\cirrus.sys [2005-9-7 45696]
S3 DCamVQ110;VQ110 Digital Video Camera;f:\windows\system32\drivers\vq110.sys --> f:\windows\system32\drivers\VQ110.sys [?]
S3 ForteUSB;PERSTEL Chic USB Driver Service;f:\windows\system32\drivers\ForteUSB.sys [2004-6-16 10658]
S3 ICDUSB2;Sony IC Recorder (P);f:\windows\system32\drivers\IcdUsb2.sys [2005-2-3 39048]
S3 RipFlash;RipFlash Digital Music Recoder/Player;f:\windows\system32\drivers\RFlashDX.sys [2004-6-16 11100]

=============== Created Last 30 ================

2009-06-25 15:32 <DIR> --d----- F:\_OTM
2009-06-23 16:15 <DIR> a-dshr-- F:\cmdcons
2009-06-23 15:15 <DIR> -cd----- f:\windows\system32\dllcache\cache
2009-06-16 14:23 <DIR> --d----- f:\program files\MSSOAP
2009-06-16 14:23 <DIR> --d----- f:\program files\Webroot
2009-06-11 15:16 <DIR> --d----- f:\docume~1\zvisch~1\applic~1\Malwarebytes
2009-06-11 15:15 38,160 a------- f:\windows\system32\drivers\mbamswissarmy.sys
2009-06-11 15:15 <DIR> --d----- f:\docume~1\alluse~1\applic~1\Malwarebytes
2009-06-11 15:15 19,096 a------- f:\windows\system32\drivers\mbam.sys
2009-06-11 15:15 <DIR> --d----- f:\program files\Malwarebytes' Anti-Malware
2009-06-10 15:29 <DIR> --d----- f:\documents and settings\zvi schiff\DoctorWeb
2009-06-09 19:12 <DIR> a-dshr-- F:\autorun.inf
2009-06-09 14:53 161,792 a------- f:\windows\SWREG.exe
2009-06-09 14:53 155,136 a------- f:\windows\PEV.exe
2009-06-09 14:53 98,816 a------- f:\windows\sed.exe
2009-06-07 13:26 352 a---h--- f:\windows\nod32fixtemdono.reg
2009-06-07 13:25 <DIR> --d----- f:\program files\ESET

==================== Find3M ====================

2009-06-30 15:19 2,008,506,400 a--sh--- f:\windows\system32\drivers\fidbox.dat
2009-06-25 19:34 23,539,760 a--sh--- f:\windows\system32\drivers\fidbox.idx
2009-06-08 15:29 1,744 a------- f:\windows\system32\d3d9caps.dat
2009-04-21 17:09 4,212 a---h--- f:\windows\system32\zllictbl.dat
2008-02-12 16:14 32 a------- f:\docume~1\alluse~1\applic~1\ezsid.dat
2006-11-19 19:24 252 a------- f:\documents and settings\zvi schiff\test.dat
2003-05-07 18:13 131,072 a------- f:\windows\inf\DriverInstaller.exe

============= FINISH: 15:20:58.64 ===============

Attached File(s)
Attached File  Attach3.txt.zip ( 3.5k ) Number of downloads: 1
 
© 2003-2010 All Rights Reserved Bleeping Computer LLC.