Been infected need help with the result


  • This topic is locked
2 replies to this topic

#1 iceweasel

  • Members
  • 1 posts

Posted 20 September 2009 - 07:03 PM

I was tipped off by the fact my hidden files weren't showing. I've reset the value in folder view to show hiddens, and after a second or so of refreshing it reverted back to "don't show hidden".

I also played around with the registry setting and the same thing, as soon as I set it to something it would revert back to the previous... Obviously something was up. I found there was something running off explorer that was messing with the registry.

I found and ran ComboFix; upon its completion I have some questions I was looking to find answers to. Hopefully someone can help me out.

Here's the ComboFix log:

ComboFix 09-09-18.02 - Courtney 09/20/2009 16:08.1.1 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.958.761 [GMT -4:00]
Running from: c:\documents and settings\Courtney\Desktop\Installers\ComboFix.exe
AV: ZoneAlarm Security Suite Antivirus *On-access scanning disabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Security Suite Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\2o1ajagt.exe
C:\autorun.inf
C:\cqb6wo.exe
c:\docume~1\Courtney\LOCALS~1\Temp\cvasds0.dll
c:\docume~1\Courtney\LOCALS~1\Temp\cvasds1.dll
C:\drivers
c:\drivers\AS35-CPU.zip
c:\drivers\AS35-Launch Manager.zip
c:\drivers\AS35-VGA.zip
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN2000\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN2000\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN2000\sisagpx.sys
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN2003\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN2003\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN2003\sisagpx.sys
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN98\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN98\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WIN98\SISAGP.PCI
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WINME\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WINME\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WINME\SISAGP.PCI
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WINXP\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WINXP\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\current\WINXP\sisagpx.sys
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WIN2000\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WIN2000\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WIN2000\sisagpx.sys
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WIN98\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WIN98\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WIN98\SISAGP.pci
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WINME\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WINME\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WINME\SISAGP.pci
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WINXP\sisagp.cat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WINXP\sisagp.inf
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\AGP\old\WINXP\sisagpx.sys
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\data1.cab
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\data1.hdr
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\data2.cab
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\engine32.cab
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\layout.bin
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\README.TXT
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\RelNote.txt
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\setup-s.bat
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\setup.boot
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\setup.exe
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\setup.ini
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\setup.inx
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\setup.iss
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\SISfiles\AGPFunc.dll
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\SISfiles\ata133ap.exe
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\SISfiles\instdrv.exe
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\SISfiles\SISAGP98.dll
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\SISfiles\waitwnd.exe
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\USB\Win2K_XP\WinXPUSB\SIS_LIB.DLL
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\USB\Win2K_XP\WinXPUSB\SISPORT.SYS
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\USB\Win2K_XP\WinXPUSB\SiSUSBrg.exe
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\USB\Win9x\SiSFiles\Mp_s3.exe
c:\drivers\AS35-VGA\Drivers\VGA\AGPPack\USB\Win9x\SiSFiles\Openhci.sys
c:\drivers\AS35-VGA\Drivers\VGA\data1.cab
c:\drivers\AS35-VGA\Drivers\VGA\data1.hdr
c:\drivers\AS35-VGA\Drivers\VGA\data2.cab
c:\drivers\AS35-VGA\Drivers\VGA\engine32.cab
c:\drivers\AS35-VGA\Drivers\VGA\Language\0006.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0007.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0009.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\000a.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\000b.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0010.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0011.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0012.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0013.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0014.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0019.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\001d.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\001e.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0404.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\040c.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0416.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0804.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0816.lng
c:\drivers\AS35-VGA\Drivers\VGA\Language\0c0c.lng
c:\drivers\AS35-VGA\Drivers\VGA\layout.bin
c:\drivers\AS35-VGA\Drivers\VGA\ReadMe.txt
c:\drivers\AS35-VGA\Drivers\VGA\setup.boot
c:\drivers\AS35-VGA\Drivers\VGA\Setup.cmd
c:\drivers\AS35-VGA\Drivers\VGA\setup.exe
c:\drivers\AS35-VGA\Drivers\VGA\Setup.ini
c:\drivers\AS35-VGA\Drivers\VGA\setup.inx
c:\drivers\AS35-VGA\Drivers\VGA\Setup.iss
c:\drivers\AS35-VGA\Drivers\VGA\setupDLL\Instdrv.exe
c:\drivers\AS35-VGA\Drivers\VGA\setupDLL\IsUninst.exe
c:\drivers\AS35-VGA\Drivers\VGA\setupDLL\Progress.exe
c:\drivers\AS35-VGA\Drivers\VGA\setupDLL\waitwnd.exe
c:\drivers\AS35-VGA\Drivers\VGA\SETUPRES\Setup.bmp
c:\drivers\AS35-VGA\Drivers\VGA\SETUPRES\Setup16.bmp
c:\drivers\AS35-VGA\Drivers\VGA\SETUPRES\title.bmp
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\9xBin\315\oemrom.bin
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\9xBin\Xabre\oemrom.bin
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\LCDMode.exe
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\ntBin\sis315.bin
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\ntBin\xabre.bin
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\SiSApCom.dll
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\SiSCom.dll
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\SiSCom.ini
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\SiSCom.sys
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\SiSHook.dll
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\sislib.dll
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\sislib.ini
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\sisvb.dll
c:\drivers\AS35-VGA\Drivers\VGA\utilDLL\TVMode.dll
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\3DWizard\sisut3d.dll
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Gamma\gamma.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\General\Bk31x.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\General\logo.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\ICO\trayicon.ico
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\ICO\UNINS.ico
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\ICO\XRotate.ico
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Info\650.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Info\651.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Info\740.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Info\mirage.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Info\mirage1.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Info\mirage2.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Info\mirage3.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Manager\SIS3D.AVI
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Manager\SISDM.AVI
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Manager\SISGAMMA.AVI
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Manager\SISINFO.AVI
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Manager\SISTV.AVI
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Manager\SISTVLCD.AVI
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Manager\SISVIDEO.AVI
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Sistray\traylogo.bmp
c:\drivers\AS35-VGA\Drivers\VGA\UtilRes\Video\overlay1.bmp
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\InstFunc.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\InstFunc.exe
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sis650.bin
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sis660.bin
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sis740.bin
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sis741.bin
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sis760.bin
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\SiSBase.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sisgl.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sisgr.cat
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sisgr.inf
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sisgrp.sys
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\sisgrv.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\SiSInst.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\SiSParse.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\SiSPInst.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\SiSPower.dll
c:\drivers\AS35-VGA\Drivers\VGA\WinXP_2K\srvkp.sys
c:\drivers\AS35_WINFLASH.zip
c:\drivers\New Text Document.txt
c:\drivers\Realtek_A385.zip
c:\drivers\Realtek_A385\385_522\alcchkid.exe
c:\drivers\Realtek_A385\385_522\alcrmv.exe
c:\drivers\Realtek_A385\385_522\alcrmv64.exe
c:\drivers\Realtek_A385\385_522\alcrmv9x.exe
c:\drivers\Realtek_A385\385_522\alcupd.exe
c:\drivers\Realtek_A385\385_522\AlcUpd64.exe
c:\drivers\Realtek_A385\385_522\ALCXDEV.EXE
c:\drivers\Realtek_A385\385_522\ChCfg.exe
c:\drivers\Realtek_A385\385_522\CPLIcon.ico
c:\drivers\Realtek_A385\385_522\data1.cab
c:\drivers\Realtek_A385\385_522\data1.hdr
c:\drivers\Realtek_A385\385_522\data2.cab
c:\drivers\Realtek_A385\385_522\engine32.cab
c:\drivers\Realtek_A385\385_522\GETDXVER.EXE
c:\drivers\Realtek_A385\385_522\layout.bin
c:\drivers\Realtek_A385\385_522\README.TXT
c:\drivers\Realtek_A385\385_522\SetCDfmt.exe
c:\drivers\Realtek_A385\385_522\setup.exe
c:\drivers\Realtek_A385\385_522\setup.ibt
c:\drivers\Realtek_A385\385_522\setup.ini
c:\drivers\Realtek_A385\385_522\setup.inx
c:\drivers\Realtek_A385\385_522\setup.isn
c:\drivers\Realtek_A385\385_522\setup.iss
c:\drivers\Realtek_A385\385_522\SetupEx.ini
c:\drivers\Realtek_A385\385_522\SOUNDMAN.ICO
c:\drivers\Realtek_A385\385_522\WDM\alcrmv.exe
c:\drivers\Realtek_A385\385_522\WDM\alcrmv64.exe
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm.cat
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm0.cat
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm0.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm1.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm10.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm11.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm12.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm13.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm14.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm15.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm16.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm17.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm18.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm19.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm2.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm20.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm3.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm4.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm5.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm6.inf
c:\drivers\Realtek_A385\385_522\WDM\alcwdm64.sys
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm7.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm8.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcwdm9.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau0.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau1.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau10.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau11.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau12.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau13.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau14.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau15.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau16.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau17.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau18.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau19.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau2.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau20.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau21.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau22.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau23.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau24.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau25.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau26.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau27.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau28.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau3.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau4.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau5.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau6.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau7.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau8.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxau9.inf
c:\drivers\Realtek_A385\385_522\WDM\Alcxwdm.cat
c:\drivers\Realtek_A385\385_522\WDM\alcxwdm.sys
c:\drivers\Realtek_A385\385_522\WDM\Alcxwdm0.cat
c:\drivers\Realtek_A385\385_522\WDM\ALSndMgr.cpl
c:\drivers\Realtek_A385\385_522\WDM\ALSNDMGR.WAV
c:\drivers\Realtek_A385\385_522\WDM\ChCfg.exe
c:\drivers\Realtek_A385\385_522\WDM\CPLUtl64.exe
c:\drivers\Realtek_A385\385_522\WDM\RtlCPAPI.dll
c:\drivers\Realtek_A385\385_522\WDM\RTLCPL.exe
c:\drivers\Realtek_A385\385_522\WDM\SoundMan.exe
c:\drivers\ZL53A27.WPH
C:\eyt.exe
C:\install.exe
C:\lhh3v.exe
c:\program files\Windows Police Pro
c:\program files\Windows Police Pro\ANTI_files.exe

c:\windows\AhnRpta.exe
c:\windows\COUPON~1.OCX
c:\windows\CouponPrinter.ocx
c:\windows\Installer\WMEncoder.msi
c:\windows\system32\autorun.ini
c:\windows\system32\drivers\rotscxoepkmpyb.sys
c:\windows\system32\e8MAin0.dll
c:\windows\system32\nmdfgds1.dll
c:\windows\system32\olhrwef.exe
c:\windows\system32\rotscxcvblnixe.dll
c:\windows\system32\rotscxrtqpxuru.dll
c:\windows\system32\rotscxtyqjyoui.dat
c:\windows\system32\rotscxviuqotfu.dat

C:\wrsf.exe
C:\yudald.bat
D:\autorun.inf
D:\cqb6wo.exe
D:\eyt.exe
D:\lhh3v.exe
D:\wrsf.exe
D:\yudald.bat

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_rotscxboylvrgk
-------\Legacy_rotscxboylvrgk


((((((((((((((((((((((((( Files Created from 2009-08-20 to 2009-09-20 )))))))))))))))))))))))))))))))
.

2017-03-30 17:03 . 2017-03-30 17:03 -------- d-----w- c:\documents and settings\Courtney\Application Data\Talkback
2009-09-20 18:52 . 2008-04-14 02:05 36224 ----a-w- c:\windows\system32\dllcache\an983.sys
2009-09-20 18:52 . 2008-04-14 02:06 10880 ----a-w- c:\windows\system32\dllcache\admjoy.sys
2009-09-20 18:52 . 2008-04-14 02:06 84480 ----a-w- c:\windows\system32\dllcache\ac97via.sys
2009-09-20 18:52 . 2008-04-14 02:06 231552 ----a-w- c:\windows\system32\dllcache\ac97ali.sys
2009-09-20 18:52 . 2008-04-14 04:16 48128 ----a-w- c:\windows\system32\dllcache\61883.sys
2009-09-20 18:52 . 2008-04-14 04:10 12288 ----a-w- c:\windows\system32\dllcache\4mmdat.sys
2009-09-20 18:52 . 2008-04-14 04:16 53376 ----a-w- c:\windows\system32\dllcache\1394bus.sys
2009-09-20 07:19 . 2009-09-20 07:19 -------- d-----w- c:\program files\Elaborate Bytes
2009-09-20 06:59 . 2009-09-20 06:59 -------- d-----w- c:\documents and settings\All Users\Application Data\DAEMON Tools Lite
2009-09-20 06:59 . 2009-09-20 06:59 -------- d-----w- c:\program files\DAEMON Tools Toolbar
2009-09-20 06:07 . 2009-09-20 07:08 722416 ----a-w- c:\windows\system32\drivers\sptd.sys
2009-09-20 04:40 . 2009-09-20 04:40 -------- d-----w- C:\CRZ0NNW7
2009-09-19 18:19 . 2009-09-19 18:19 -------- d-----w- C:\WME
2009-09-18 04:51 . 2009-09-18 04:51 -------- d-----w- c:\documents and settings\Courtney\.dvdcss
2009-09-18 04:50 . 2009-09-18 04:50 -------- d-----w- c:\program files\Digiarty
2009-09-18 04:12 . 2009-09-18 04:12 -------- d-----w- c:\windows\Performance
2009-09-18 04:02 . 2009-09-18 04:02 -------- d-----w- c:\documents and settings\Courtney\Local Settings\Application Data\Microsoft Corporation
2009-09-18 04:01 . 2009-09-18 04:01 -------- d-----w- c:\program files\Microsoft Windows 7 Upgrade Advisor
2009-09-16 16:10 . 2009-09-16 19:17 116163 --sh--r- C:\qcod.exe
2009-09-05 16:28 . 2009-09-05 16:28 -------- d-----w- c:\documents and settings\Courtney\Application Data\#ISW.FS#
2009-09-05 16:27 . 2009-09-05 16:27 -------- d-----w- c:\documents and settings\Courtney\Downloads
2009-09-05 16:19 . 2009-09-05 16:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky SDK
2009-09-05 16:13 . 2009-09-05 16:13 -------- d-----w- c:\documents and settings\Courtney\Application Data\MailFrontier
2009-09-05 16:06 . 2009-09-05 16:06 -------- d-----w- c:\documents and settings\Courtney\Application Data\CheckPoint
2009-09-05 16:05 . 2009-09-05 16:05 -------- d-----w- c:\program files\CheckPoint
2009-09-05 16:05 . 2009-08-27 01:09 72584 ----a-w- c:\windows\zllsputility.exe
2009-09-05 16:05 . 2009-08-27 01:08 69000 ----a-w- c:\windows\system32\zlcomm.dll
2009-09-05 16:05 . 2009-08-27 01:08 103816 ----a-w- c:\windows\system32\zlcommdb.dll
2009-09-05 16:05 . 2009-08-27 01:08 1238408 ----a-w- c:\windows\system32\zpeng25.dll
2009-08-26 19:04 . 2009-08-26 19:04 -------- d-----w- c:\program files\PSM5
2009-08-24 19:37 . 2009-08-24 19:37 -------- d-----w- c:\documents and settings\Courtney\Application Data\Dev-Cpp
2009-08-24 19:36 . 2009-08-24 19:36 -------- d-----w- C:\Dev-Cpp
2009-08-24 14:41 . 2009-08-24 14:41 -------- d-----w- c:\program files\Microsoft Visual Studio 9.0
2009-08-24 14:39 . 2009-08-24 14:39 -------- d-----w- c:\program files\Microsoft SDKs

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-20 19:12 . 2007-08-18 19:57 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2009-08-10 21:08 . 2009-08-10 21:08 229208 ----a-w- c:\windows\system32\drivers\VMM.sys
2009-07-09 16:07 . 2006-02-16 23:45 58696 ----a-w- c:\documents and settings\Courtney\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-26 16:50 . 2002-06-26 01:50 666624 ----a-w- c:\windows\system32\wininet.dll
2009-06-26 16:50 . 1980-01-01 04:00 81920 ------w- c:\windows\system32\ieencode.dll
1998-12-09 01:53 . 1998-12-09 01:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 01:53 . 1998-12-09 01:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 01:53 . 1998-12-09 01:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 01:53 . 1998-12-09 01:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
2007-02-08 14:48 . 2007-02-08 14:48 133920 ----a-w- c:\program files\internet explorer\plugins\LV82ActiveXControl.dll
2007-07-24 22:03 . 2007-07-24 22:03 118784 ----a-w- c:\program files\internet explorer\plugins\LV85ActiveXControl.dll
2006-05-03 10:06 . 2008-05-22 18:39 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 11:47 . 2008-05-22 18:39 31232 --sh--r- c:\windows\system32\msfDX.dll
2007-12-17 13:43 . 2008-05-22 18:39 27648 --sh--w- c:\windows\system32\Smab0.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\1TortoiseNormal]
@="{C5994560-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994560-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\2TortoiseModified]
@="{C5994561-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994561-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\3TortoiseConflict]
@="{C5994562-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994562-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\4TortoiseLocked]
@="{C5994563-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994563-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\5TortoiseReadOnly]
@="{C5994564-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994564-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\6TortoiseDeleted]
@="{C5994565-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994565-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\7TortoiseAdded]
@="{C5994566-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994566-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\8TortoiseIgnored]
@="{C5994567-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994567-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\9TortoiseUnversioned]
@="{C5994568-53D9-4125-87C9-F193FC689CB2}"
[HKEY_CLASSES_ROOT\CLSID\{C5994568-53D9-4125-87C9-F193FC689CB2}]
2008-01-16 21:52 80384 ----a-w- c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-03-31 68856]
"DrvMon.exe"="c:\windows\system32\DrvMon.exe" [2006-06-15 53248]
"updateMgr"="c:\progra~1\Adobe\ACROBA~2.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LaunchApp"="Alaunch" [X]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2004-10-08 98394]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2004-10-08 688218]
"PCMService"="c:\program files\Arcade\PCMService.exe" [2005-03-09 49152]
"WinampAgent"="c:\program files\Winamp\winampa.exe" [2006-06-21 35328]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2006-01-12 155648]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2006-10-30 256576]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"RemoteControl"="c:\program files\CyberLink\PowerDVD\PDVDServ.exe" [2003-10-31 32768]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"LManager"="c:\program files\Launch Manager\QtZgAcer.EXE" [2005-02-23 315392]
"SiS Windows KeyHook"="c:\windows\system32\keyhook.exe" [2005-03-04 32768]
"NI Background Service"="c:\program files\National Instruments\Shared\Update Service\BackgroundService.exe" [2008-04-03 77824]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]
"Monitor"="c:\program files\LeapFrog\LeapFrog Connect\Monitor.exe" [2008-11-25 356352]
"PaperPort PTD"="c:\program files\ScanSoft\PaperPort\pptd40nt.exe" [2003-09-06 57393]
"IndexSearch"="c:\program files\ScanSoft\PaperPort\IndexSearch.exe" [2003-09-06 40960]
"MP10_EnsureFileVer"="c:\windows\inf\unregmp2.exe" [2008-04-14 208896]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-08-27 1011080]
"ISW"="c:\program files\CheckPoint\ZAForceField\ForceField.exe" [2009-08-26 722288]
"VirtualCloneDrive"="c:\program files\Elaborate Bytes\VirtualCloneDrive\VCDDaemon.exe" [2009-05-26 85160]
"SiSPower"="SiSPower.dll" - c:\windows\system32\SiSPower.dll [2005-02-25 49152]
"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-03-01 577536]
"AGRSMMSG"="AGRSMMSG.exe" - c:\windows\AGRSMMSG.exe [2004-10-07 88363]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Symantec Fax Starter Edition Port.lnk - c:\program files\Microsoft Office\Office\1033\OLFSNT40.EXE [1998-12-23 45568]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
KODAK Software Updater.lnk - c:\program files\Kodak\KODAK Software Updater\7288971\Program\Kodak Software Updater.exe [2004-2-13 16423]
Kodak EasyShare software.lnk - c:\program files\Kodak\Kodak EasyShare software\bin\EasyShare.exe [2006-6-14 180224]
Adobe Reader Speed Launch.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2006-3-1 113664]
Acrobat Assistant.lnk - c:\program files\Adobe\Acrobat 5.0\Distillr\AcroTray.exe [2007-5-24 49254]
Utility Tray.lnk - c:\windows\system32\sistray.exe [2005-3-7 331776]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"CAISafe"=3 (0x3)

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"c:\\Documents and Settings\\Courtney\\Desktop\\TyTool10r4\\TyTool10r4.exe"=
"c:\\Program Files\\MultimediaFeed.com\\MultimediaFeed MP3 Tagger\\MultimediaFeed MP3 Tagger.exe"=
"c:\\Program Files\\Kodak\\KODAK Software Updater\\7288971\\Program\\Kodak Software Updater.exe"=
"c:\\Program Files\\UltraVNC\\vncviewer.exe"=
"c:\\Program Files\\Logitech\\Logitech Harmony Remote Software 7\\HarmonyRemote.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\WINDOWS\\System32\\ZoneLabs\\vsmon.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"13364:UDP"= 13364:UDP:@xpsp2res.dll,
"13107:UDP"= 13107:UDP:@xpsp2res.dll,

R2 Apache2.2;Apache2.2;d:\www\WebServer\bin\httpd.exe [9/5/2007 8:59 AM 24635]
R2 ISWKL;ZoneAlarm Toolbar ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [8/26/2009 12:20 PM 25208]
R2 IswSvc;ZoneAlarm Toolbar IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [8/26/2009 12:20 PM 435568]
S2 EFTP3Server;EFTP3 Server;c:\program files\EFTP\EFTP3ServerService.exe /startedbyscm:3FDC8373-40E29588-EFTP3Server --> c:\program files\EFTP\EFTP3ServerService.exe [?]
S3 fd_dbus;FutureDial USB Composite Device driver (WDM);c:\windows\system32\drivers\fd_dbus.sys [7/21/2006 3:37 PM 61600]
S3 fd_dmdfl;FutureDial USB Modem Filter;c:\windows\system32\drivers\fd_dmdfl.sys [7/21/2006 3:37 PM 9200]
S3 fd_dmdm;FutureDial USB Modem Drivers;c:\windows\system32\drivers\fd_dmdm.sys [7/21/2006 3:37 PM 88288]
S3 misalign;Data Misalignment Exception Kernel Driver;c:\windows\system32\drivers\misalign.sys [1/23/2007 12:50 AM 8832]
S3 NPF;NetGroup Packet Filter Driver;c:\windows\system32\drivers\npf.sys [8/2/2005 5:10 PM 32512]

--- Other Services/Drivers In Memory ---

*Deregistered* - uphcleanhlp
.
Contents of the 'Scheduled Tasks' folder

2009-09-20 c:\windows\Tasks\Google Software Updater.job
- c:\program files\Google\Common\Google Updater\GoogleUpdaterService.exe [2007-01-27 21:01]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://my.ebay.com/ws/eBayISAPI.dll?MyEbayBeta&_trksid=m38&gbh=1&MyEbay=&guest=1
uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://www.google.com/ie
uInternet Connection Wizard,ShellNext = hxxp://global.acer.com/
uSearchURL,(Default) = hxxp://www.google.com/search?q=%s
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
DPF: {5445BE81-B796-11D2-B931-002018654E2E} - hxxp://support.cengage.com/system/web/view/live/messaging/ie/SecMgr.cab
DPF: {6F0C8A89-8B0D-11D2-801B-00105AA78F4A} - hxxp://ecare1a.netopia.com/uhaul3/ecare4/components/CobAgent_4.2.1.318.cab
FF - ProfilePath - c:\documents and settings\Courtney\Application Data\Mozilla\Firefox\Profiles\77yvhh3z.default\
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com
FF - prefs.js: browser.search.selectedEngine - DAEMON Search
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\program files\Google\Google Updater\2.4.1536.6592\npCIDetect13.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npCouponPrinter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npdjvu.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\NPLV82Win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\nplv85win32.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-20 17:20
Windows 5.1.2600 Service Pack 3 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\EFTP3Server]
"ImagePath"="c:\program files\EFTP\EFTP3ServerService.exe /startedbyscm:3FDC8373-40E29588-EFTP3Server"

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\MySQL]
"ImagePath"="\"c:\program files\MySQL\MySQL Server 5.0\bin\mysqld-nt\" --defaults-file=\"c:\program files\MySQL\MySQL Server 5.0\my.ini\" MySQL"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-4090510239-2663826156-2511336703-1005\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1128)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'lsass.exe'(1184)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll

- - - - - - - > 'explorer.exe'(4028)
c:\program files\CheckPoint\ZAForceField\Plugins\ISWSHEX.dll
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mlfhook.dll
c:\program files\Common Files\TortoiseOverlays\TortoiseOverlays.dll
c:\program files\TortoiseSVN\bin\TortoiseStub.dll
c:\program files\TortoiseSVN\bin\TortoiseSVN.dll
c:\program files\TortoiseSVN\bin\intl3_tsvn.dll
c:\program files\CyberLink\Shared Files\CLRCEngine.dll
c:\program files\Adobe\Acrobat 7.0\ActiveX\PDFShell.dll
c:\windows\system32\WPDShServiceObj.dll
c:\program files\Microsoft Virtual PC\VPCShExH.DLL
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\ZONELABS\vsmon.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\acer\eManager\anbmServ.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\lkcitdl.exe
c:\windows\system32\lkads.exe
c:\windows\system32\lktsrv.exe
c:\program files\National Instruments\Shared\Security\nidmsrv.exe
c:\windows\system32\nisvcloc.exe
c:\program files\CDBurnerXP\NMSAccessU.exe
c:\program files\UPHClean\uphclean.exe
c:\windows\system32\wscntfy.exe
c:\program files\TortoiseSVN\bin\TSVNCache.exe
c:\windows\system32\rundll32.exe
c:\program files\iPod\bin\iPodService.exe
c:\docume~1\Courtney\LOCALS~1\Temp\RtkBtMnt.EXE
c:\progra~1\ZONELA~1\ZONEAL~1\MAILFR~1\mantispm.exe
c:\program files\Java\jre1.6.0_07\bin\jucheck.exe
.
**************************************************************************
.
Completion time: 2009-09-20 17:39 - machine was rebooted
ComboFix-quarantined-files.txt 2009-09-20 21:39

Pre-Run: 503,283,712 bytes free
Post-Run: 854,425,600 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Home Edition" /fastdetect /NoExecute=OptIn

577 --- E O F --- 2009-04-20 14:26


-------------------

I bolded the items that were obvious to me that were malicious.
But, I can't figure out why the drivers in my c:\drivers folder were removed. There are copies of the drivers for the machine that I downloaded, just in case they are needed.... I don't think they've been accessed in a long time.

Also, the Microsoft Media Encoder .msi got removed... I'm not sure if this is a real WME or just something disguised to look 'official'. I know the one I just downloaded is an .exe file; I'm assuming the .msi is inside.

Is there any way to find out why these items were tagged for removal?
And, does anything else stand out as strange?

I've got the other log files DDS logs and root repeal report if those are needed.

Thanks for the assistance!

#2 sempai

sempai

    noypi


  • Malware Response Team
  • 5,288 posts
  • OFFLINE
  • Gender:Male
  • Location:3 stars and a sun
  • Local time:10:09 PM

Posted 08 October 2009 - 05:32 AM

Hello and welcome to Bleeping Computer

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here.

If you have since resolved the original problem you were having, we would appreciate you letting us know. If not please perform the following steps below so we can have a look at the current condition of your machine.  

If you have not done so, include a clear description of the problems you're having, along with any steps you may have performed so far.

Upon completing the steps below another staff member will review and take the steps necessary with you to get your machine back in working order clean and free of malware.

If you have already posted a DDS log, please do so again, as your situation may have changed.
Use the 'Add Reply' and add the new log to this thread.


Thanks and again sorry for the delay.

We need to see some information about what is happening in your machine.  Please perform the following scan:
  • Download DDS by sUBs from one of the following links.  Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool.  No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note:  You may have to disable any script protection running if the scan fails to run.  After downloading the tool, disconnect from the internet and disable all antivirus protection.  Run the scan, enable your A/V and reconnect to the internet.  

Information on A/V control HERE

~Semp

You can help me continue the fight against malware by making a donation, Thank you.

If I am helping you and I didn't reply within 48 hours... Please send me a private message.
Topics that are not replied to within 5 days will be closed. Please don't PM asking for support, post on the Forums instead.

Member of UNITE (Unified Network of Instructors and Trained Eliminators) 


#3 myrti

myrti

    Sillyberry


  • Malware Study Hall Admin
  • 33,772 posts
  • OFFLINE
  • Gender:Female
  • Location:At home
  • Local time:04:09 PM

Posted 14 October 2009 - 12:56 PM

Due to lack of feedback, this topic is now Closed

If you need this topic reopened, please send me a PM.
Please include the address of this thread in your request.
This applies only to the original topic starter.

Everyone else please start a new topic.

With Regards,
_temp_

is that a bird?  a plane? nooo it's the flying blueberry!

If I have been helping you and haven't replied in 2 days, feel free to shoot me a PM! Please don't send help request via PM, unless I am already helping you. Use the forums!
