
Viruses and i keep getting redirected


16 replies to this topic

#1 escapade

Posted 29 October 2009 - 10:35 PM

I bought my desktop PC in February 2009. It's an HP Pavilion Slimline s3700y, 3GB system memory, 320GB hard drive, AMD Athlon X2 5000 dual core processor with Windows Vista Premium. I had Defender Pro antivirus on it. Well, I noticed I was having problems with my PC: it was running slower, reset some applications, plus I'm being redirected to adware antivirus scanners or other sites instead of the ones I wanted to get into. My nephew, around October 2, used his flash drive and was using it for a whole week on my PC. So I ran my antivirus scan and it found 18 viruses, so I deleted them all. The thing is it keeps redirecting me, so I figured it must have some type of adware in there; plus, by the looks of it, the virus corrupted my antivirus, so I uninstalled Defender Pro and installed the CA antivirus. I followed all the directions in completely uninstalling the antivirus program and restarted the PC. Then I installed CA and ran the antivirus and spyware program. Well, I still had the same problem, so I decided to try out the Kaspersky 2010 antivirus, so I completely uninstalled CA antivirus and restarted. I installed Kaspersky and ran the antivirus; it found one virus which was trojan html. fraud.d and it found virus heur:trojan.script.gen, so I deleted them. Well, every night at 2p.m. my Windows Defender catches this one called Trojan:win32/Alureon.gen!U. So I removed it, but it still comes out; the last one came out on 10/27/09 at 3:40 a.m. and it keeps popping up at around the same time or in the afternoon. So my problem is that I run my virus scan and nothing is showing up, but my Windows Defender has that popping up and I'm still getting redirected to different sites. I have to type the web address to be able to go directly to the site, or keep double clicking, and if it redirects me go back and double click until I get into the site. I'm so sorry, but this problem is really bothering me, since my computer is fairly new.
I apologize for such a long explanation, and if you have any questions I'll be more than happy to give you more info. Thank you for taking time to answer me. BTW, I use Mozilla as my default; I don't use IE8 unless a certain program opens that one. I did everything that boopme, one of your techs, told me to do. I'm still getting redirected and it's gotten worse, since now it opens a whole new webpage with different ads, like 3 tabs' worth of it, just by trying to click on any site I want to see. These are the logs that I did earlier today, but I was out so I couldn't put them up on the site.



DDS (Ver_09-10-26.01) - NTFSx86
Run by Escapade at 17:02:10.07 on Thu 10/29/2009
Internet Explorer: 8.0.6001.18828 BrowserJavaVersion: 1.6.0_16
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.1331 [GMT -4:00]

AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
SP: Defender Pro Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
SP: Defender Pro Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
FW: Defender Pro Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}

============== Running Processes ===============

C:\Windows\system32\wininit.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\svchost.exe -k DcomLaunch
C:\Windows\system32\nvvsvc.exe
C:\Windows\system32\svchost.exe -k rpcss
C:\Windows\System32\svchost.exe -k secsvcs
C:\Windows\System32\svchost.exe -k LocalServiceNetworkRestricted
C:\Windows\System32\svchost.exe -k LocalSystemNetworkRestricted
C:\Windows\system32\svchost.exe -k netsvcs
C:\Windows\system32\svchost.exe -k GPSvcGroup
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\rundll32.exe
C:\Windows\system32\svchost.exe -k LocalService
C:\Windows\system32\svchost.exe -k NetworkService
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\svchost.exe -k LocalServiceNoNetwork
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Windows Defender\MSASCui.exe
C:\hp\support\hpsysdrv.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe
C:\Program Files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe
C:\Program Files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
C:\Program Files\HP\HP Software Update\hpwuSchd2.exe
C:\Program Files\Hewlett-Packard\Media\DVD\DVDAgent.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Program Files\Hewlett-Packard\HP Advisor\HPAdvisor.exe
C:\Program Files\HP\Digital Imaging\bin\hpqtra08.exe
C:\Program Files\PictureMover\Bin\PictureMover.exe
C:\Windows\ehome\ehmsas.exe
C:\Program Files\Windows Sidebar\sidebar.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe
C:\Windows\system32\svchost.exe -k hpdevmgmt
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe -k NetworkServiceNetworkRestricted
C:\Windows\system32\svchost.exe -k imgsvc
C:\Windows\System32\svchost.exe -k WerSvcGroup
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Windows\system32\WUDFHost.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\Windows\Microsoft.Net\Framework\v3.0\WPF\PresentationFontCache.exe
C:\Program Files\Hewlett-Packard\KBD\kbd.exe
C:\Program Files\HP\Digital Imaging\bin\hpqSTE08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqbam08.exe
C:\Program Files\HP\Digital Imaging\bin\hpqgpc01.exe
C:\Windows\system32\wbem\wmiprvse.exe
c:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Kaspersky Lab\Kaspersky Anti-Virus 2010\klwtblfs.exe
C:\Users\Escapade\Desktop\dds.scr

============== Pseudo HJT Report ===============

uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: IEVkbdBHO Class: {59273ab4-e7d3-40f9-a1a8-6fa9cca1862c} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\ievkbd.dll
BHO: Microsoft Live Search Toolbar Helper: {d2ce3e00-f94a-4740-988e-03dc2f38c34f} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: FilterBHO Class: {e33cf602-d945-461a-83f0-819f76a199f8} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
BHO: HP Smart BHO Class: {ffffffff-cf4e-4f2b-bdc2-0e72e116a856} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
TB: Microsoft Live Search Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0541.0\msneshellx.dll
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
TB: {10134636-E7AF-4AC5-A1DC-C7C44BB97D81} - No File
uRun: [Sidebar] c:\program files\windows sidebar\sidebar.exe /autoRun
uRun: [ehTray.exe] c:\windows\ehome\ehTray.exe
uRun: [WMPNSCFG] c:\program files\windows media player\WMPNSCFG.exe
uRun: [HPADVISOR] c:\program files\hewlett-packard\hp advisor\HPAdvisor.exe view=DOCKVIEW,SYSTRAY
mRun: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
mRun: [hpsysdrv] c:\hp\support\hpsysdrv.exe
mRun: [KBD] c:\program files\hewlett-packard\kbd\KbdStub.EXE
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [NvMediaCenter] RUNDLL32.EXE c:\windows\system32\NvMcTray.dll,NvTaskbarInit
mRun: [HP Health Check Scheduler] c:\program files\hewlett-packard\hp health check\HPHC_Scheduler.exe
mRun: [UpdateP2GoShortCut] "c:\program files\cyberlink\power2go\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\power2go" updatewithcreateonce "software\cyberlink\power2go\6.0"
mRun: [UpdatePDIRShortCut] "c:\program files\cyberlink\powerdirector\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\powerdirector" updatewithcreateonce "software\cyberlink\powerdirector\7.0"
mRun: [UpdatePSTShortCut] "c:\program files\cyberlink\cyberlink dvd suite deluxe\muitransfer\muistartmenu.exe" "c:\program files\cyberlink\cyberlink dvd suite deluxe" updatewithcreateonce "software\cyberlink\PowerStarter"
mRun: [TSMAgent] "c:\program files\hewlett-packard\touchsmart\media\TSMAgent.exe"
mRun: [CLMLServer for HP TouchSmart] "c:\program files\hewlett-packard\touchsmart\media\kernel\clml\CLMLSvc.exe"
mRun: [SmartMenu] %ProgramFiles%\Hewlett-Packard\HP MediaSmart\SmartMenu.exe
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [hpqSRMon] c:\program files\hp\digital imaging\bin\hpqSRMon.exe
mRun: [DVDAgent] "c:\program files\hewlett-packard\media\dvd\DVDAgent.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [AVP] "c:\program files\kaspersky lab\kaspersky anti-virus 2010\avp.exe"
mRun: [Malwarebytes Anti-Malware (reboot)] "c:\program files\malwarebytes' anti-malware\mbam.exe" /runcleanupscript
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\hpdigi~1.lnk - c:\program files\hp\digital imaging\bin\hpqtra08.exe
StartupFolder: c:\progra~2\micros~1\windows\startm~1\programs\startup\pictur~1.lnk - c:\program files\picturemover\bin\PictureMover.exe
mPolicies-explorer: BindDirectlyToPropertySetStorage = 0 (0x0)
mPolicies-system: EnableUIADesktopToggle = 0 (0x0)
IE: {4248FE82-7FCB-46AC-B270-339F08212110} - {4248FE82-7FCB-46AC-B270-339F08212110} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {CCF151D8-D089-449F-A5A4-D9909053F20F} - {CCF151D8-D089-449F-A5A4-D9909053F20F} - c:\program files\kaspersky lab\kaspersky anti-virus 2010\klwtbbho.dll
IE: {DDE87865-83C5-48c4-8357-2F5B1AA84522} - {DDE87865-83C5-48c4-8357-2F5B1AA84522} - c:\program files\hp\digital imaging\smart web printing\hpswp_BHO.dll
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: klogon - c:\windows\system32\klogon.dll
AppInit_DLLs: c:\progra~1\defend~1\defend~1.0\adialhk.dll,c:\progra~1\defend~1\defend~1.0\r3hook.dll,c:\progra~1\kasper~1\kasper~1\mzvkbd3.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\users\escapade\appdata\roaming\mozilla\firefox\profiles\w7dyac6k.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\mozilla firefox\components\FFComm.dll
FF - component: c:\program files\mozilla firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\mozilla firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\zylom\zylomgamesplayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0013-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0015-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}

---- FIREFOX POLICIES ----
c:\program files\mozilla firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);

============= SERVICES / DRIVERS ===============

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [2009-10-14 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\system32\drivers\klim6.sys [2009-9-14 21520]
R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2009-10-12 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2009-10-12 74480]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/06 02:05:36];c:\program files\hewlett-packard\media\dvd\000.fcl [2008-10-21 87536]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\system32\drivers\klmouflt.sys [2009-10-2 19472]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\pc-doc~1\PCD5SRVC.pkms [2008-9-9 20640]
S3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2009-10-12 7408]
S4 nvrd32;NVIDIA nForce RAID Driver;c:\windows\system32\drivers\nvrd32.sys [2008-11-6 133152]

=============== Created Last 30 ================

2009-10-29 15:59:10 0 d-----w- c:\program files\Sophos
2009-10-29 11:03:42 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 11:03:08 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-29 11:03:08 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-28 23:41:53 0 d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-28 23:41:22 0 d-----w- c:\users\escapade\appdata\roaming\SUPERAntiSpyware.com
2009-10-28 23:41:22 0 d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 23:39:36 0 d-----w- c:\program files\common files\Wise Installation Wizard
2009-10-28 19:32:05 0 d-----w- c:\users\escapade\appdata\roaming\Malwarebytes
2009-10-28 19:32:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 19:31:59 0 d-----w- c:\programdata\Malwarebytes
2009-10-28 19:31:58 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-28 19:31:58 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-27 19:29:31 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:29:29 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 14:41:11 0 d-----w- c:\windows\system32\Adobe
2009-10-22 13:25:56 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-21 23:54:47 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-21 23:52:19 0 d-----w- c:\programdata\Kaspersky Lab
2009-10-21 23:52:19 0 d-----w- c:\program files\Kaspersky Lab
2009-10-21 23:46:21 0 d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-10-21 00:34:56 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-18 22:00:26 0 d-----w- c:\program files\limewire
2009-10-15 22:05:48 0 d-----w- c:\windows\Downloaded Installations
2009-10-15 21:50:06 0 d-----w- c:\users\escapade\appdata\roaming\GetRightToGo
2009-10-15 01:18:34 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-13 18:25:13 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 18:24:36 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-13 18:24:36 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-13 18:24:35 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 18:24:33 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 18:21:41 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-11 18:30:36 605797 ----a-w- c:\users\escapade\Gaara___Dark_Child_by_ByakuganLove.jpg
2009-10-11 18:27:59 2434352 ----a-w- c:\users\escapade\_Sasuke_Uchiha___by_sakimichan.png
2009-10-11 18:17:19 24034 ----a-w- c:\users\escapade\ae3c4b02.jpg
2009-10-11 17:04:56 33702 ----a-w- c:\users\escapade\zack17.jpg
2009-10-10 18:00:13 0 d-----w- c:\programdata\LightScribe
2009-10-09 23:47:01 0 d-----w- c:\programdata\WindowsSearch
2009-10-05 20:13:15 7 ----a-w- c:\windows\system32\Class15
2009-10-05 20:13:15 5 ----a-w- c:\windows\system32\Band4
2009-10-03 20:50:41 24809 ----a-w- c:\users\escapade\cute-kitten-smiling-inspirational-cat-saying-motivational-kitty-photo.jpg
2009-10-03 15:59:41 466 ----a-w- c:\windows\system32\runrefog.lnk
2009-10-03 15:59:41 466 ----a-w- c:\windows\system32\runkgb.lnk
2009-10-03 07:08:48 0 d-----w- c:\windows\system32\eu-ES
2009-10-03 07:08:48 0 d-----w- c:\windows\system32\ca-ES
2009-10-03 07:08:43 0 d-----w- c:\windows\system32\vi-VN
2009-10-03 06:15:09 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-02 23:39:36 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-02 21:10:40 2934 ----a-w- c:\users\escapade\l_0fc149736b0c49c98ce58a7e394612bc.jpg

==================== Find3M ====================

2009-10-29 04:34:35 86016 ----a-w- c:\windows\inf\infstor.dat
2009-10-29 04:34:35 51200 ----a-w- c:\windows\inf\infpub.dat
2009-10-29 04:34:35 143360 ----a-w- c:\windows\inf\infstrng.dat
2009-10-28 17:15:09 812 ----a-w- c:\users\escapade\appdata\roaming\wklnhst.dat
2009-10-21 23:58:11 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-21 23:58:11 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-15 21:16:47 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-03 07:08:36 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-10-03 06:28:44 37665 ----a-w- c:\windows\fonts\GlobalUserInterface.CompositeFont
2009-09-14 18:46:36 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-09 23:01:40 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-09 05:30:55 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-01 19:29:50 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-29 00:27:49 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14:38 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22:28 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17:43 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17:43 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42:29 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-14 15:53:34 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49:20 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49:18 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49:18 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-08-14 13:49:15 27136 ----a-w- c:\windows\system32\NETSTAT.EXE
2009-08-14 13:49:14 8704 ----a-w- c:\windows\system32\HOSTNAME.EXE
2009-08-14 13:49:14 19968 ----a-w- c:\windows\system32\ARP.EXE
2009-08-14 13:49:13 10240 ----a-w- c:\windows\system32\finger.exe
2009-08-14 13:48:02 105984 ----a-w- c:\windows\system32\netiohlp.dll
2009-08-04 13:17:32 1265696 ----a-w- c:\windows\system32\RtkPgExt.dll
2009-08-04 13:17:26 52256 ----a-w- c:\windows\system32\RtkCoInst.dll
2009-08-04 13:17:16 326176 ----a-w- c:\windows\system32\RtkApoApi.dll
2009-08-04 13:17:16 2898464 ----a-w- c:\windows\system32\RtkAPO.dll
2009-08-03 19:07:42 403816 ----a-w- c:\windows\system32\OGACheckControl.dll
2009-08-03 19:07:42 322928 ----a-w- c:\windows\system32\OGAAddin.dll
2009-08-03 19:07:42 230768 ----a-w- c:\windows\system32\OGAEXEC.exe
2008-01-21 02:43:21 174 --sha-w- c:\program files\desktop.ini
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfd.dat
2006-11-02 12:42:02 30674 ----a-w- c:\windows\inf\perflib\0409\perfc.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfi.dat
2006-11-02 12:42:02 287440 ----a-w- c:\windows\inf\perflib\0409\perfh.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfi.dat
2006-11-02 09:20:21 287440 ----a-w- c:\windows\inf\perflib\0000\perfh.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfd.dat
2006-11-02 09:20:19 30674 ----a-w- c:\windows\inf\perflib\0000\perfc.dat
2008-11-06 23:46:29 8192 --sha-w- c:\windows\users\default\NTUSER.DAT

============= FINISH: 17:03:32.35 ===============
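The DDS "Created Last 30" and "Find3M" sections above are the kind of listing a helper triages by hand. As an added example (not part of this post, and not a DDS or BleepingComputer tool), the Python below parses lines in that format and lists files under c:\windows\system32 created inside the infection window the poster describes (from around 2 October 2009 for about a week), plus any file carrying hidden and system attributes; the sample lines are copied from the log above, and the window dates and root path are assumptions. The output is a list of candidates to look at, not verdicts, so vendor files installed in the window (here a Kaspersky driver) appear alongside the rest.

```python
from __future__ import annotations

import re
from dataclasses import dataclass
from datetime import date, datetime

# One DDS "Created Last 30" / "Find3M" line has the shape
#   YYYY-MM-DD HH:MM:SS <size> <attributes> <path>
# e.g.  2009-10-03 15:59:41 466 ----a-w- c:\windows\system32\runrefog.lnk
DDS_LINE = re.compile(
    r"^(\d{4}-\d{2}-\d{2}) (\d{2}:\d{2}:\d{2}) (\d+) (\S{8}) (.+)$"
)

# Constructed sample: a handful of lines copied from the DDS log above.
# A section header and an unrelated user file are included on purpose so
# the parser has something to skip and the triage has something to ignore.
SAMPLE_DDS = r"""
=============== Created Last 30 ================

2009-10-29 15:59:10 0 d-----w- c:\program files\Sophos
2009-10-28 19:32:00 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 23:54:47 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-05 20:13:15 7 ----a-w- c:\windows\system32\Class15
2009-10-05 20:13:15 5 ----a-w- c:\windows\system32\Band4
2009-10-03 15:59:41 466 ----a-w- c:\windows\system32\runrefog.lnk
2009-10-03 15:59:41 466 ----a-w- c:\windows\system32\runkgb.lnk
2009-10-03 07:08:48 0 d-----w- c:\windows\system32\eu-ES
2009-10-02 23:39:36 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-02 21:10:40 2934 ----a-w- c:\users\escapade\l_0fc149736b0c49c98ce58a7e394612bc.jpg
"""


@dataclass
class DdsEntry:
    created: datetime
    size: int
    attrs: str   # DDS attribute string, e.g. "--sha-w-" (s = system, h = hidden)
    path: str    # lower-cased so prefix checks are case-insensitive

    @property
    def is_dir(self) -> bool:
        return self.attrs.startswith("d")

    @property
    def hidden_system(self) -> bool:
        return "s" in self.attrs and "h" in self.attrs


def parse_dds_entries(text: str) -> list[DdsEntry]:
    """Parse every well-formed file line; section headers, blank lines and
    wrapped fragments (as in the wrapped lines of the original log) are skipped."""
    entries: list[DdsEntry] = []
    for line in text.splitlines():
        m = DDS_LINE.match(line.strip())
        if not m:
            continue
        created = datetime.strptime(f"{m[1]} {m[2]}", "%Y-%m-%d %H:%M:%S")
        entries.append(DdsEntry(created, int(m[3]), m[4], m[5].lower()))
    return entries


def triage(entries: list[DdsEntry], window_start: date, window_end: date,
           roots: tuple[str, ...] = ("c:\\windows\\system32",)) -> list[str]:
    """Candidates for a helper to review, not verdicts:
    - files (not directories) under a system root created inside the
      reported infection window, and
    - any file carrying both hidden and system attributes, whatever its date.
    Legitimate vendor files installed in the window will show up too."""
    hits: set[str] = set()
    for e in entries:
        if e.is_dir:
            continue
        in_window = window_start <= e.created.date() <= window_end
        under_root = any(e.path.startswith(r) for r in roots)
        if (under_root and in_window) or e.hidden_system:
            hits.add(e.path)
    return sorted(hits)


def triage_sample() -> list[str]:
    # Window assumed from the poster's account: the flash drive was used
    # from around 2 October 2009 for about a week.
    return triage(parse_dds_entries(SAMPLE_DDS), date(2009, 10, 2), date(2009, 10, 9))


if __name__ == "__main__":
    for path in triage_sample():
        print(path)
```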



#2 m0le (Malware Response Team)

Posted 05 November 2009 - 07:50 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

Once I receive a reply then I will return with your first instructions.

Thanks :(
m0le is a proud member of UNITE

#3 escapade (Topic Starter)

Posted 05 November 2009 - 08:42 PM

Hello m0le, thank you for taking time in helping with this problem. I appreciate all the help I can get :(

#4 m0le (Malware Response Team)

Posted 06 November 2009 - 05:11 AM

Hi escapade,

There's nothing obvious in the logs, but your symptoms are those of a rootkit, by the sounds of it.

The Sophos scan doesn't show anything, so I would like to just double check with RootRepeal.

We Need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.
Please also run MBAM for me to see what that turns up

Please download Malwarebytes Anti-Malware and save it to your desktop.
  • Make sure you are connected to the Internet.
  • Double-click on mbam-setup.exe to install the application or, if you are using Vista, right-click and select Run As Administrator on mbam-setup.exe to install the application.
  • When the installation begins, follow the prompts and do not make any changes to default settings.
  • When installation has finished, make sure you leave both of these checked:
    • Update Malwarebytes' Anti-Malware
    • Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • MBAM will automatically start and you will be asked to update the program before performing a scan. If an update is found, the program will automatically update itself. Press the OK button to close that box and continue. If you encounter any problems while downloading the updates, manually download them from here and just double-click on mbam-rules.exe to install.
  • On the Scanner tab:
    • Make sure the "Perform Full Scan" option is selected.
    • Then click on the Scan button.
  • If asked to select the drives to scan, leave all the drives selected and click on the Start Scan button.
  • The scan will begin and "Scan in progress" will show at the top. It may take some time to complete so please be patient.
  • When the scan is finished, a message box will say "The scan completed successfully. Click 'Show Results' to display all objects found".
  • Click OK to close the message box and continue with the removal process.
  • Back at the main Scanner screen, click on the Show Results button to see a list of any malware that was found.
  • Make sure that everything is checked, and click Remove Selected.
  • When removal is completed, a log report will open in Notepad.
  • The log is automatically saved and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the contents of that report in your next reply and exit MBAM.
Note: If MBAM encounters a file that is difficult to remove, you may be asked to reboot your computer so it can proceed with the disinfection process. Regardless of whether you are prompted to restart the computer or not, please do so immediately. Failure to reboot normally (not into safe mode) will prevent MBAM from removing all the malware. MBAM may make changes to your registry as part of its disinfection routine. If you're using other security programs that detect registry changes, they may alert you after scanning with MBAM. Please permit the program to allow the changes.

Thanks :(
m0le is a proud member of UNITE

#5 escapade (Topic Starter)

Posted 06 November 2009 - 09:57 AM

Hello m0le, and ty for helping me out with this problem ... I did all three RootRepeals, but the first one caused my PC to do a mini dump ... so I deleted it, then tried the other two. They both froze my computer and I had to manually turn it off and on. I didn't do the MBAM because I figured you wanted both reports. On the first RootRepeal, once I started my computer it did a disk check of my C drive. Hoping to hear from you, and thanks for your patience :(

#6 m0le (Malware Response Team)

Posted 06 November 2009 - 10:01 AM

That's also a rootkit symptom.

Please save this file to your desktop. Click on Start->Run, and copy-paste the following command (the bolded text) into the "Open" box, and click OK.

"%userprofile%\desktop\win32kdiag.exe" -f -r

When it's finished, there will be a log called Win32kDiag.txt on your desktop. Please open it with notepad and post the contents here.
m0le is a proud member of UNITE

#7 escapade (Topic Starter)

Posted 06 November 2009 - 10:14 AM

This is what I got from that ...






Running from: C:\Users\Escapade\Desktop\win32kdiag.exe

Log file at : C:\Users\Escapade\Desktop\Win32kDiag.txt

Removing all found mount points.

Attempting to reset file permissions.

WARNING: Could not get backup privileges!

Searching 'C:\Windows'...



Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTDiagLog.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-Application.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventlog-Security.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTEventLog-System.etl

Cannot access: C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl

Attempting to restore permissions of : C:\Windows\System32\LogFiles\WMI\RtBackup\EtwRTMsMpPsSession.etl



Finished!

#8 m0le (Malware Response Team)

Posted 06 November 2009 - 10:20 AM

Okay, not that particular rootkit then :(


Download and Run RKill

Please download RKill by Grinler from one of the 4 links below and save it to your desktop.

Link 1
Link 2
Link 3
Link 4
  • Before we begin, you should disable any anti-malware software you have installed so it does not interfere with RKill running, as some anti-malware software detects RKill as malicious. Please refer to this page if you are not sure how.
  • Double-click on Rkill on your desktop to run it. (If you are using Windows Vista, please right-click on it and select Run As Administrator)
  • A black screen will appear and then disappear. Please do not worry, that is normal. This means that the tool has been successfully executed.
  • If nothing happens or if the tool does not run, please let me know in your next reply
Then if that is successful please run Combofix

Please download ComboFix from one of these locations: * IMPORTANT !!! Save ComboFix.exe to your Desktop, making sure you rename it comfix.exe
  • Disable your AntiVirus and AntiSpyware applications, usually via a right click on the System Tray icon. They may otherwise interfere with our tools. (Click on this link to see a list of programs that should be disabled. The list is not all inclusive.)
  • Double click on Combofix.exe & follow the prompts.
  • As part of its process, ComboFix will check to see if the Microsoft Windows Recovery Console is installed. With malware infections being as they are today, it's strongly recommended to have this pre-installed on your machine before doing any malware removal. It will allow you to boot up into a special recovery/repair mode that will allow us to more easily help you should your computer have a problem after an attempted removal of malware.
  • Follow the prompts to allow ComboFix to download and install the Microsoft Windows Recovery Console, and when prompted, agree to the End-User License Agreement to install the Microsoft Windows Recovery Console.
**Please note: If the Microsoft Windows Recovery Console is already installed, ComboFix will continue its malware removal procedures.



Once the Microsoft Windows Recovery Console is installed using ComboFix, you should see the following message:

[screenshot of the ComboFix message]


Click on Yes, to continue scanning for malware.

When finished, it shall produce a log for you. Please include the C:\ComboFix.txt in your next reply.

Thanks :(
m0le is a proud member of UNITE

#9 escapade (Topic Starter)

Posted 06 November 2009 - 12:01 PM

OK, I included the text and it found something =D !!! Thanks soooo much !!!


ComboFix 09-11-05.05 - Escapade 11/06/2009 11:10.1.2 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6002.2.1252.1.1033.18.2942.2257 [GMT -5:00]
Running from: c:\users\Escapade\Desktop\comfix.exe.exe
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: Defender Pro Antispyware *disabled* (Updated) {8B2012EC-32D4-494F-BC03-832DB3BDF911}
SP: Defender Pro Internet Security *enabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
SP: SUPERAntiSpyware *disabled* (Updated) {222A897C-5018-402e-943F-7E7AC8560DA7}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\$recycle.bin\S-1-5-21-3044163252-3160862523-1437495094-500
c:\$recycle.bin\S-1-5-21-3878465475-1978539631-3625903220-500
c:\windows\system32\logs

Infected copy of c:\windows\System32\drivers\nvstor32.sys was found and disinfected
Restored copy from - Kitty ate it :(
.
((((((((((((((((((((((((( Files Created from 2009-10-06 to 2009-11-06 )))))))))))))))))))))))))))))))
.

2009-11-06 16:22 . 2009-11-06 16:23 -------- d-----w- c:\users\Escapade\AppData\Local\temp
2009-11-06 16:22 . 2009-11-06 16:22 -------- d-----w- c:\users\Default\AppData\Local\temp
2009-11-04 17:27 . 2009-11-04 17:27 -------- d-----w- c:\users\Escapade\AppData\Local\Apple
2009-11-04 16:25 . 2009-11-04 16:25 -------- d-----w- c:\program files\Windows Portable Devices
2009-11-04 14:02 . 2009-09-10 02:00 92672 ----a-w- c:\windows\system32\UIAnimation.dll
2009-11-04 14:02 . 2009-09-10 02:01 3023360 ----a-w- c:\windows\system32\UIRibbon.dll
2009-11-04 14:02 . 2009-09-10 02:00 1164800 ----a-w- c:\windows\system32\UIRibbonRes.dll
2009-11-04 14:00 . 2009-10-01 01:02 30208 ----a-w- c:\windows\system32\WPDShextAutoplay.exe
2009-11-04 13:57 . 2009-10-08 21:08 555520 ----a-w- c:\windows\system32\UIAutomationCore.dll
2009-11-04 13:57 . 2009-10-08 21:08 234496 ----a-w- c:\windows\system32\oleacc.dll
2009-11-04 13:57 . 2009-10-08 21:07 4096 ----a-w- c:\windows\system32\oleaccrc.dll
2009-10-29 15:59 . 2009-11-06 14:21 -------- d-----w- c:\program files\Sophos
2009-10-29 11:03 . 2009-08-07 02:24 44768 ----a-w- c:\windows\system32\wups2.dll
2009-10-29 11:03 . 2009-08-07 02:24 53472 ----a-w- c:\windows\system32\wuauclt.exe
2009-10-29 11:03 . 2009-08-07 02:23 1929952 ----a-w- c:\windows\system32\wuaueng.dll
2009-10-29 11:03 . 2009-08-07 01:45 2421760 ----a-w- c:\windows\system32\wucltux.dll
2009-10-29 11:03 . 2009-08-07 02:24 35552 ----a-w- c:\windows\system32\wups.dll
2009-10-29 11:03 . 2009-08-07 02:23 575704 ----a-w- c:\windows\system32\wuapi.dll
2009-10-29 11:03 . 2009-08-07 01:44 87552 ----a-w- c:\windows\system32\wudriver.dll
2009-10-29 11:03 . 2009-08-06 23:23 171608 ----a-w- c:\windows\system32\wuwebv.dll
2009-10-29 11:03 . 2009-08-06 22:44 33792 ----a-w- c:\windows\system32\wuapp.exe
2009-10-29 03:37 . 2009-10-29 13:03 -------- d-----w- c:\users\Escapade\AppData\Local\Adobe
2009-10-28 23:42 . 2009-10-28 23:42 117760 ----a-w- c:\users\Escapade\AppData\Roaming\SUPERAntiSpyware.com\SUPERAntiSpyware\SDDLLS\UIREPAIR.DLL
2009-10-28 23:41 . 2009-10-28 23:41 -------- d-----w- c:\programdata\SUPERAntiSpyware.com
2009-10-28 23:41 . 2009-10-28 23:41 4096 d-----w- c:\program files\SUPERAntiSpyware
2009-10-28 23:41 . 2009-10-28 23:41 -------- d-----w- c:\users\Escapade\AppData\Roaming\SUPERAntiSpyware.com
2009-10-28 23:39 . 2009-10-28 23:39 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard
2009-10-28 19:32 . 2009-10-28 19:32 -------- d-----w- c:\users\Escapade\AppData\Roaming\Malwarebytes
2009-10-28 19:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-28 19:31 . 2009-10-28 19:31 -------- d-----w- c:\programdata\Malwarebytes
2009-10-28 19:31 . 2009-10-28 19:32 4096 d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-28 19:31 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-27 19:29 . 2009-09-10 14:58 310784 ----a-w- c:\windows\system32\unregmp2.exe
2009-10-27 19:29 . 2009-09-10 14:59 8147456 ----a-w- c:\windows\system32\wmploc.DLL
2009-10-22 14:41 . 2009-10-22 14:41 -------- d-----w- c:\windows\system32\Adobe
2009-10-22 13:25 . 2009-03-08 11:32 72704 ----a-w- c:\windows\system32\admparse.dll
2009-10-21 23:58 . 2009-10-21 23:58 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-10-21 23:58 . 2009-10-21 23:58 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-10-21 23:58 . 2009-10-21 23:58 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-10-21 23:58 . 2009-10-21 23:58 59920 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd.dll
2009-10-21 23:58 . 2009-10-21 23:58 264720 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\klwtbbho.dll
2009-10-21 23:58 . 2009-10-21 23:58 109072 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-10-21 23:54 . 2009-10-21 23:54 604140 --sha-w- c:\windows\system32\drivers\ISwift3.dat
2009-10-21 23:52 . 2009-11-06 14:42 4096 d-----w- c:\programdata\Kaspersky Lab
2009-10-21 23:52 . 2009-10-21 23:52 -------- d-----w- c:\program files\Kaspersky Lab
2009-10-21 23:46 . 2009-10-29 04:31 -------- d-----w- c:\programdata\Kaspersky Lab Setup Files
2009-10-21 00:34 . 2009-10-21 00:34 219664 ----a-w- c:\windows\system32\klogon.dll
2009-10-20 16:54 . 2009-10-20 16:54 59976 ----a-w- c:\programdata\Kaspersky Lab Setup Files\Kaspersky Anti-Virus 2010 9.0.0.736\English\setup.exe
2009-10-18 22:00 . 2009-10-18 22:03 4096 d-----w- c:\program files\limewire
2009-10-15 22:05 . 2009-10-15 22:11 -------- d-----w- c:\windows\Downloaded Installations
2009-10-15 21:57 . 2009-10-15 21:57 -------- d-----w- c:\windows\Sun
2009-10-15 21:50 . 2009-10-15 21:55 4096 d-----w- c:\users\Escapade\AppData\Roaming\GetRightToGo
2009-10-15 01:18 . 2009-10-15 01:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-10-13 18:25 . 2009-09-10 16:48 218624 ----a-w- c:\windows\system32\msv1_0.dll
2009-10-13 18:24 . 2009-08-04 12:34 3600456 ----a-w- c:\windows\system32\ntkrnlpa.exe
2009-10-13 18:24 . 2009-08-04 12:34 3548216 ----a-w- c:\windows\system32\ntoskrnl.exe
2009-10-13 18:24 . 2009-09-04 11:41 60928 ----a-w- c:\windows\system32\msasn1.dll
2009-10-13 18:24 . 2009-09-14 09:29 144896 ----a-w- c:\windows\system32\drivers\srv2.sys
2009-10-13 18:21 . 2009-05-08 12:53 604672 ----a-w- c:\windows\system32\WMSPDMOD.DLL
2009-10-10 18:00 . 2009-10-10 18:00 -------- d-----w- c:\programdata\LightScribe
2009-10-09 23:47 . 2009-10-09 23:47 -------- d-----w- c:\programdata\WindowsSearch
2009-10-08 00:29 . 2009-10-08 00:29 652296 ----a-w- c:\programdata\Microsoft\eHome\Packages\SportsTemplate\SportsTemplateCore\Microsoft.MediaCenter.Sports.UI.dll
2009-10-08 00:29 . 2009-10-08 00:29 746760 ----a-w- c:\programdata\Microsoft\eHome\Packages\MCESpotlight\MCESpotlight\SpotlightResources.dll
2009-10-08 00:28 . 2009-10-08 00:28 416128 ----a-w- c:\programdata\Microsoft\eHome\Packages\NetTV\Browse\NetTVResources.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-06 14:04 . 2009-04-03 02:39 8192 d-----w- c:\users\Escapade\AppData\Roaming\LimeWire
2009-11-04 16:25 . 2006-11-02 10:25 665600 ----a-w- c:\windows\inf\drvindex.dat
2009-11-04 16:25 . 2009-11-04 16:25 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_07_00.Wdf
2009-11-04 16:24 . 2009-11-04 16:24 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdFs_01_07_00.Wdf
2009-11-04 08:45 . 2009-07-09 04:14 1256 ----a-w- c:\users\Escapade\AppData\Roaming\wklnhst.dat
2009-10-28 19:41 . 2009-06-14 23:34 4096 d-----w- c:\programdata\NOS
2009-10-21 23:58 . 2009-02-18 04:53 95259 ----a-w- c:\windows\system32\drivers\klick.dat
2009-10-21 23:58 . 2009-02-18 04:53 108059 ----a-w- c:\windows\system32\drivers\klin.dat
2009-10-21 23:28 . 2008-11-07 00:08 8192 d--h--w- c:\program files\InstallShield Installation Information
2009-10-21 23:28 . 2008-11-07 00:08 4096 d-----w- c:\program files\Common Files\InstallShield
2009-10-21 18:37 . 2008-11-07 00:21 4096 d-----w- c:\program files\Java
2009-10-18 22:11 . 2009-02-08 04:04 1706136 ----a-w- c:\programdata\WildTangent\My HP Game Console\Downloads\en-us\Installers\SetupGamesClient.exe
2009-10-15 21:17 . 2009-08-15 03:14 4096 d-----w- c:\program files\BitDefender
2009-10-15 21:17 . 2009-08-15 03:08 4096 d-----w- c:\program files\Common Files\BitDefender
2009-10-15 21:16 . 2009-08-15 05:15 81984 ----a-w- c:\windows\system32\bdod.bin
2009-10-14 07:22 . 2006-11-02 11:18 4096 d-----w- c:\program files\Windows Mail
2009-10-13 02:35 . 2008-11-07 00:00 4096 d-----w- c:\program files\Hewlett-Packard
2009-10-10 19:32 . 2009-02-13 21:23 4096 d-----w- c:\users\Escapade\AppData\Roaming\CyberLink
2009-10-10 01:09 . 2008-11-07 00:09 -------- d-----w- c:\programdata\NVIDIA
2009-10-06 18:39 . 2009-02-07 23:24 7052 ----a-w- c:\users\Escapade\AppData\Local\d3d9caps.dat
2009-10-04 00:29 . 2009-10-03 17:24 -------- d-----w- c:\users\Escapade\AppData\Roaming\U3
2009-10-03 07:11 . 2006-11-02 12:37 -------- d-----w- c:\program files\Windows Calendar
2009-10-03 07:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Sidebar
2009-10-03 07:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Journal
2009-10-03 07:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Collaboration
2009-10-03 07:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Photo Gallery
2009-10-03 07:11 . 2006-11-02 12:37 4096 d-----w- c:\program files\Windows Defender
2009-10-02 23:39 . 2009-10-02 23:39 19472 ----a-w- c:\windows\system32\drivers\klmouflt.sys
2009-10-01 14:29 . 2009-10-03 06:15 195440 ------w- c:\windows\system32\MpSigStub.exe
2009-10-01 01:02 . 2009-11-04 14:00 2537472 ----a-w- c:\windows\system32\wpdshext.dll
2009-10-01 01:02 . 2009-11-04 14:00 334848 ----a-w- c:\windows\system32\PortableDeviceApi.dll
2009-10-01 01:02 . 2009-11-04 14:00 87552 ----a-w- c:\windows\system32\WPDShServiceObj.dll
2009-10-01 01:02 . 2009-11-04 14:00 31232 ----a-w- c:\windows\system32\BthMtpContextHandler.dll
2009-10-01 01:01 . 2009-11-04 14:00 546816 ----a-w- c:\windows\system32\wpd_ci.dll
2009-10-01 01:01 . 2009-11-04 14:00 160256 ----a-w- c:\windows\system32\PortableDeviceTypes.dll
2009-10-01 01:01 . 2009-11-04 14:00 60928 ----a-w- c:\windows\system32\PortableDeviceConnectApi.dll
2009-10-01 01:01 . 2009-11-04 14:00 196608 ----a-w- c:\windows\system32\PortableDeviceWMDRM.dll
2009-10-01 01:01 . 2009-11-04 14:00 100864 ----a-w- c:\windows\system32\PortableDeviceClassExtension.dll
2009-10-01 01:01 . 2009-11-04 14:00 350208 ----a-w- c:\windows\system32\WPDSp.dll
2009-10-01 01:01 . 2009-11-04 14:00 81920 ----a-w- c:\windows\system32\wpdbusenum.dll
2009-10-01 01:01 . 2009-11-04 14:00 40448 ----a-w- c:\windows\system32\drivers\WpdUsb.sys
2009-10-01 01:01 . 2009-11-04 14:00 226816 ----a-w- c:\windows\system32\WpdMtp.dll
2009-10-01 01:01 . 2009-11-04 14:00 61952 ----a-w- c:\windows\system32\WpdMtpUS.dll
2009-10-01 01:01 . 2009-11-04 14:00 33280 ----a-w- c:\windows\system32\WpdConns.dll
2009-09-26 23:28 . 2009-09-26 23:28 4096 d-----w- c:\program files\7-Zip
2009-09-26 23:28 . 2009-09-26 23:28 -------- d-----w- c:\program files\Atrinsic
2009-09-25 02:10 . 2009-11-04 14:01 974848 ----a-w- c:\windows\system32\WindowsCodecs.dll
2009-09-25 02:07 . 2009-11-04 14:01 189440 ----a-w- c:\windows\system32\WindowsCodecsExt.dll
2009-09-25 02:04 . 2009-11-04 14:01 321024 ----a-w- c:\windows\system32\PhotoMetadataHandler.dll
2009-09-25 01:49 . 2009-11-04 14:01 1554432 ----a-w- c:\windows\system32\xpsservices.dll
2009-09-25 01:48 . 2009-11-04 14:01 351232 ----a-w- c:\windows\system32\XpsPrint.dll
2009-09-25 01:38 . 2009-11-04 14:01 847360 ----a-w- c:\windows\system32\OpcServices.dll
2009-09-25 01:36 . 2009-11-04 14:01 280064 ----a-w- c:\windows\system32\XpsGdiConverter.dll
2009-09-25 01:35 . 2009-11-04 14:01 135680 ----a-w- c:\windows\system32\XpsRasterService.dll
2009-09-25 01:33 . 2009-11-04 14:01 195584 ----a-w- c:\windows\system32\dxdiagn.dll
2009-09-25 01:33 . 2009-11-04 14:01 829440 ----a-w- c:\windows\system32\d3d10warp.dll
2009-09-25 01:33 . 2009-11-04 14:01 369664 ----a-w- c:\windows\system32\WMPhoto.dll
2009-09-25 01:32 . 2009-11-04 14:01 252928 ----a-w- c:\windows\system32\dxdiag.exe
2009-09-25 01:31 . 2009-11-04 14:01 519680 ----a-w- c:\windows\system32\d3d11.dll
2009-09-25 01:31 . 2009-11-04 14:01 486912 ----a-w- c:\windows\system32\d3d10level9.dll
2009-09-25 01:31 . 2009-11-04 14:01 161280 ----a-w- c:\windows\system32\d3d10_1.dll
2009-09-25 01:31 . 2009-11-04 14:01 218112 ----a-w- c:\windows\system32\d3d10_1core.dll
2009-09-25 01:31 . 2009-11-04 14:01 1030144 ----a-w- c:\windows\system32\d3d10.dll
2009-09-25 01:31 . 2009-11-04 14:01 828928 ----a-w- c:\windows\system32\d2d1.dll
2009-09-25 01:30 . 2009-11-04 14:01 190464 ----a-w- c:\windows\system32\d3d10core.dll
2009-09-25 01:30 . 2009-11-04 14:01 481792 ----a-w- c:\windows\system32\dxgi.dll
2009-09-25 01:27 . 2009-11-04 14:01 634880 ----a-w- c:\windows\system32\drivers\dxgkrnl.sys
2009-09-25 01:27 . 2009-11-04 14:01 37888 ----a-w- c:\windows\system32\cdd.dll
2009-09-25 01:27 . 2009-11-04 14:01 793088 ----a-w- c:\windows\system32\FntCache.dll
2009-09-25 01:27 . 2009-11-04 14:01 1064448 ----a-w- c:\windows\system32\DWrite.dll
2009-09-24 22:54 . 2009-11-04 14:01 258048 ----a-w- c:\windows\system32\winspool.drv
2009-09-24 22:54 . 2009-11-04 14:01 667648 ----a-w- c:\windows\system32\printfilterpipelinesvc.exe
2009-09-24 22:54 . 2009-11-04 14:01 26112 ----a-w- c:\windows\system32\printfilterpipelineprxy.dll
2009-09-20 13:35 . 2009-08-15 03:14 -------- d-----w- c:\programdata\BitDefender
2009-09-15 01:44 . 2008-11-07 00:19 12288 d---a-w- c:\program files\Common Files\LightScribe
2009-09-14 18:46 . 2009-09-14 18:46 21520 ----a-w- c:\windows\system32\drivers\klim6.sys
2009-09-13 23:50 . 2009-09-13 23:33 -------- d-----w- c:\users\Escapade\AppData\Roaming\Sony
2009-09-13 23:46 . 2009-09-13 23:46 -------- d-----w- c:\program files\Common Files\Sony Shared
2009-09-13 23:43 . 2009-09-13 23:43 4096 d-----w- c:\program files\Apple Software Update
2009-09-13 23:43 . 2009-09-13 23:43 -------- d-----w- c:\programdata\Apple
2009-09-13 23:34 . 2009-09-13 23:33 21935408 ----a-w- c:\users\Escapade\AppData\Roaming\Sony Setup\A189E68E-2253-4c3b-86B7-D77E36F13C55\QuickTimeInstaller.exe
2009-09-13 23:33 . 2009-09-13 23:33 -------- d-----w- c:\users\Escapade\AppData\Roaming\Sony Setup
2009-09-13 23:33 . 2009-09-13 23:33 -------- d-----w- c:\program files\Sony Setup
2009-09-12 02:52 . 2009-08-11 03:45 4096 d-----w- c:\program files\Guild Wars
2009-09-09 23:01 . 2009-09-09 23:01 27675 ----a-w- c:\windows\system32\drivers\klopp.dat
2009-09-09 07:11 . 2008-11-07 00:33 4096 d-----w- c:\program files\Microsoft Silverlight
2009-09-09 05:30 . 2009-09-09 05:30 0 ---ha-w- c:\windows\system32\drivers\Msft_User_WpdMtpDr_01_00_00.Wdf
2009-09-01 19:29 . 2009-09-01 19:29 128016 ----a-w- c:\windows\system32\drivers\kl1.sys
2009-08-29 00:27 . 2009-09-02 22:05 4240384 ----a-w- c:\windows\system32\GameUXLegacyGDFs.dll
2009-08-29 00:14 . 2009-09-02 22:05 28672 ----a-w- c:\windows\system32\Apphlpdm.dll
2009-08-27 05:22 . 2009-10-22 13:27 916480 ----a-w- c:\windows\system32\wininet.dll
2009-08-27 05:17 . 2009-10-22 13:27 71680 ----a-w- c:\windows\system32\iesetup.dll
2009-08-27 05:17 . 2009-10-22 13:27 109056 ----a-w- c:\windows\system32\iesysprep.dll
2009-08-27 03:42 . 2009-10-22 13:27 133632 ----a-w- c:\windows\system32\ieUnatt.exe
2009-08-15 03:17 . 2009-02-18 04:52 37436704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-14 16:27 . 2009-09-08 22:50 904776 ----a-w- c:\windows\system32\drivers\tcpip.sys
2009-08-14 15:53 . 2009-09-08 22:50 17920 ----a-w- c:\windows\system32\netevent.dll
2009-08-14 13:49 . 2009-09-08 22:50 9728 ----a-w- c:\windows\system32\TCPSVCS.EXE
2009-08-14 13:49 . 2009-09-08 22:50 17920 ----a-w- c:\windows\system32\ROUTE.EXE
2009-08-14 13:49 . 2009-09-08 22:50 11264 ----a-w- c:\windows\system32\MRINFO.EXE
2009-03-05 22:08 . 2009-08-15 03:19 49664 ----a-w- c:\program files\mozilla firefox\components\FFComm.dll
2008-11-06 23:46 . 2008-11-06 23:44 8192 --sha-w- c:\windows\Users\Default\NTUSER.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Sidebar"="c:\program files\Windows Sidebar\sidebar.exe" [2009-04-11 1233920]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2008-01-21 125952]
"HPADVISOR"="c:\program files\Hewlett-Packard\HP Advisor\HPAdvisor.exe" [2009-08-05 1644088]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2008-01-21 202240]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Windows Defender"="c:\program files\Windows Defender\MSASCui.exe" [2008-01-21 1008184]
"hpsysdrv"="c:\hp\support\hpsysdrv.exe" [2007-04-18 65536]
"KBD"="c:\program files\Hewlett-Packard\KBD\KbdStub.EXE" [2008-07-21 12288]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2008-09-27 13539872]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2008-09-27 92704]
"HP Health Check Scheduler"="c:\program files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe" [2008-10-09 75008]
"UpdateP2GoShortCut"="c:\program files\CyberLink\Power2Go\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePDIRShortCut"="c:\program files\CyberLink\PowerDirector\MUITransfer\MUIStartMenu.exe" [2008-06-14 210216]
"UpdatePSTShortCut"="c:\program files\CyberLink\CyberLink DVD Suite Deluxe\MUITransfer\MUIStartMenu.exe" [2008-09-11 210216]
"TSMAgent"="c:\program files\Hewlett-Packard\TouchSmart\Media\TSMAgent.exe" [2008-10-18 1152296]
"CLMLServer for HP TouchSmart"="c:\program files\Hewlett-Packard\TouchSmart\Media\Kernel\CLML\CLMLSvc.exe" [2008-10-18 189736]
"SmartMenu"="c:\program files\Hewlett-Packard\HP MediaSmart\SmartMenu.exe" [2008-09-23 912688]
"HP Software Update"="c:\program files\HP\HP Software Update\HPWuSchd2.exe" [2007-10-15 49152]
"hpqSRMon"="c:\program files\HP\Digital Imaging\bin\hpqSRMon.exe" [2008-06-02 80896]
"DVDAgent"="c:\program files\Hewlett-Packard\Media\DVD\DVDAgent.exe" [2008-12-01 1148200]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2009-02-27 35696]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-31 149280]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2010\avp.exe" [2009-10-21 340456]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
HP Digital Imaging Monitor.lnk - c:\program files\HP\Digital Imaging\bin\hpqtra08.exe [2008-3-25 214360]
PictureMover.lnk - c:\program files\PictureMover\Bin\PictureMover.exe [2008-9-8 430080]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableUIADesktopToggle"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2009-09-03 19:21 548352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
SetupExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WinDefend]
@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Svc]
"VistaSp2"=hex(b):ce,cd,ff,da,f9,43,ca,01

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\System32\drivers\klbg.sys [10/14/2009 8:18 PM 36880]
R1 KLIM6;Kaspersky Anti-Virus NDIS 6 Filter;c:\windows\System32\drivers\klim6.sys [9/14/2009 1:46 PM 21520]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [10/12/2009 8:24 PM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [10/12/2009 8:24 PM 74480]
R2 {55662437-DA8C-40c0-AADA-2C816A897A49};Power Control [2009/04/06 02:05];c:\program files\Hewlett-Packard\Media\DVD\000.fcl [10/21/2008 3:42 PM 87536]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\System32\drivers\klmouflt.sys [10/2/2009 6:39 PM 19472]
S2 Norton Internet Security;Norton Internet Security;"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe" /s "Norton Internet Security" /m "c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll" /prefetch:1 --> c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe [?]
S3 FontCache;Windows Font Cache Service;c:\windows\system32\svchost.exe -k LocalServiceAndNoImpersonation [1/20/2008 9:23 PM 21504]
S3 PCD5SRVC{BD6912E3-AC9D80E8-05040000};PCD5SRVC{BD6912E3-AC9D80E8-05040000} - PCDR Kernel Mode Service Helper Driver;c:\progra~1\PC-DOC~1\PCD5SRVC.pkms [9/9/2008 7:58 PM 20640]
S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [10/12/2009 8:24 PM 7408]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - MBR
*Deregistered* - mbr
*Deregistered* - PROCEXP113

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
LocalServiceAndNoImpersonation REG_MULTI_SZ FontCache
.
Contents of the 'Scheduled Tasks' folder

2009-11-06 c:\windows\Tasks\HPCeeScheduleForEscapade.job
- c:\program files\hewlett-packard\sdp\ceement\HPCEE.exe [2008-11-07 19:12]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mStart Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
mDefault_Page_URL = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=en_us&c=91&bd=bestbuy&pf=cndt
FF - ProfilePath - c:\users\Escapade\AppData\Roaming\Mozilla\Firefox\Profiles\w7dyac6k.default\
FF - prefs.js: browser.startup.homepage - hxxp://m.www.yahoo.com/
FF - component: c:\program files\Mozilla Firefox\components\FFComm.dll
FF - component: c:\program files\Mozilla Firefox\extensions\linkfilter@kaspersky.ru\components\KavLinkFilter.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npzylomgamesplayer.dll
FF - plugin: c:\programdata\Zylom\ZylomGamesPlayer\npzylomgamesplayer.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.
.
------- File Associations -------
.
regedit=regedit.exe "%1"
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
AddRemove-sp41099 - c:\hp\Softpaq\sp41099\sp41099.exe
AddRemove-{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF} - c:\program files\InstallShield Installation Information\{CE7E3BE0-2DD3-4416-A690-F9E4A99A8CFF}\setup.exe
AddRemove-BitTorrent DNA - c:\users\Escapade\Program Files\DNA\btdna.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-06 11:22
Windows 6.0.6002 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Engine\16.0.0.125\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Engine\16.0.0.125\diMaster.dll\" /prefetch:1"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\EBD9.tmp"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\PCD5SRVC{BD6912E3-AC9D80E8-05040000}]
"ImagePath"="\??\c:\progra~1\PC-DOC~1\PCD5SRVC.pkms"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\{55662437-DA8C-40c0-AADA-2C816A897A49}]
"ImagePath"="\??\c:\program files\Hewlett-Packard\Media\DVD\000.fcl"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3878465475-1978539631-3625903220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_% **]
@Class="Shell"

[HKEY_USERS\S-1-5-21-3878465475-1978539631-3625903220-1000\Software\Microsoft\Windows\CurrentVersion\Explorer\FileExts\.*_% **\OpenWithList]
@Class="Shell"

[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Control\Class\{4D36E96D-E325-11CE-BFC1-08002BE10318}\0000\AllUserSettings]
@Denied: (A) (Users)
@Denied: (A) (Everyone)
@Allowed: (B 1 2 3 4 5) (S-1-5-20)
"BlindDial"=dword:00000000
.
Completion time: 2009-11-06 11:27
ComboFix-quarantined-files.txt 2009-11-06 16:27

Pre-Run: 207,550,005,248 bytes free
Post-Run: 207,570,042,880 bytes free

Current=1 Default=1 Failed=0 LastKnownGood=7 Sets=1,2,3,4,5,6,7
- - End Of File - - F6C6693B4B8DE37F94242B5BEB385A65

#10 escapade (Topic Starter)

Posted 06 November 2009 - 12:18 PM

I had a question: there are antiviruses that have been uninstalled, but they show up in the report. I searched for them to see if any parts of the programs are anywhere, but it shows nothing. Is it fine for them to show up? The programs are Defender Pro and Norton Internet Security. I also had CA Antivirus, but I uninstalled it too, like the above ones.

#11 m0le (Malware Response Team)

Posted 06 November 2009 - 12:48 PM

Your question is a good one. ComboFix searches for antiviruses, and although a product has been uninstalled, this does not mean that every registry entry and file has been removed. If the uninstaller isn't perfect (none of them are), ComboFix will still recognise it. ComboFix reports this because it can skew the resultant log, but in this case there is no problem.

The log is a good one.


I see you own MBAM. Make sure it is updated, and then please run MBAM on a quick scan to clean up.

Thanks :(
m0le is a proud member of UNITE
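The log in post #9 and the question in post #10 (products that were uninstalled but still appear in the log header) both come down to reading the same few sections of a ComboFix log. The script below is an added example written for this page; it is not ComboFix's own code and not something the helpers in this thread posted. It parses the AV:/FW:/SP: header lines, the "Files Created" entries, the Services "ImagePath" blocks and the AppInit_DLLs loading point, and flags what a responder would check first: security products that are still registered with Security Center but disabled (the half-removed-uninstall case m0le describes), new kernel drivers (the file class that the nvstor32.sys disinfection above belongs to), services loading from temp files, and a populated AppInit_DLLs injection point. It assumes SystemRoot is c:\windows; the sample lines are excerpted from the log above. Every flag is a lead, not a verdict: the MEMSWEEP2 hit, a service whose image is a .tmp file in system32, is as far as I am aware consistent with the Sophos Anti-Rootkit scanner's driver, and the Sophos folder created on 2009-10-29 in the same log supports that reading.

```python
"""Triage helper for a ComboFix-style log (added example, not ComboFix's own code)."""
import re

# Header lines: AV: Name *state* (Updated) {GUID}   -- the "(Updated)" part is optional
HEADER_RE = re.compile(r"^(?P<kind>AV|FW|SP): (?P<name>.+?) \*(?P<state>[^*]+)\*(?: \([^)]*\))? \{[0-9A-Fa-f-]+\}$")
# "Files Created" entries: created . modified size attrs path  (size is -------- for directories)
CREATED_RE = re.compile(r"^\d{4}-\d{2}-\d{2} \d{2}:\d{2} \. \d{4}-\d{2}-\d{2} \d{2}:\d{2} (?:-{8}|\d+) (?P<attrs>[-a-z]{8}) (?P<path>.+)$")
SERVICE_KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\SYSTEM\\ControlSet\d+\\Services\\(?P<name>[^\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(?P<value>.*)"$')
APPINIT_RE = re.compile(r'^"(?P<key>LoadAppInit_Dlls|AppInit_DLLs)"=(?P<value>.*)$')


def normalize_path(value):
    """Reduce a raw ImagePath value to a lower-case file path without arguments."""
    v = value.replace('\\"', '"').strip()
    if v.startswith("\\??\\"):                       # NT object-manager prefix
        v = v[4:]
    if v.startswith('"'):                            # quoted path: arguments follow the closing quote
        v = v[1:].split('"', 1)[0]
    else:                                            # unquoted: cut at the first " /" or " -" switch
        v = re.split(r"\s+[/-]", v, maxsplit=1)[0]
    # Assumption: SystemRoot is c:\windows (true for the machine in this thread)
    return re.sub(r"%systemroot%", r"c:\\windows", v, flags=re.I).lower()


def parse_services(lines):
    """Map service name -> normalized ImagePath from the [HKLM\\...\\Services\\NAME] blocks."""
    services, current = {}, None
    for line in lines:
        key = SERVICE_KEY_RE.match(line.strip())
        if key:
            current = key.group("name")
            continue
        ip = IMAGEPATH_RE.match(line.strip())
        if ip and current:
            services[current] = normalize_path(ip.group("value"))
            current = None
    return services


def triage(log_text):
    """Return (severity, reason, subject) tuples; every one is a lead to verify, not a verdict."""
    lines = [l.strip() for l in log_text.splitlines()]
    findings, appinit = [], {}
    for line in lines:
        m = HEADER_RE.match(line)
        if m and "disabled" in m.group("state").lower():
            # Still registered with Security Center but off: often a half-removed uninstall
            findings.append(("review", f"{m.group('kind')} product registered but {m.group('state')}", m.group("name")))
            continue
        m = CREATED_RE.match(line)
        if m and not m.group("attrs").startswith("d"):
            p = m.group("path").lower()
            if "\\system32\\drivers\\" in p and p.endswith(".sys"):
                findings.append(("review", "kernel driver created in the scan window", p))
            elif "\\temp\\" in p and p.endswith((".exe", ".dll", ".sys")):
                findings.append(("high", "executable written to a temp directory", p))
            continue
        m = APPINIT_RE.match(line)
        if m:
            appinit[m.group("key")] = m.group("value").strip()
    for name, path in parse_services(lines).items():
        if path.endswith(".tmp") or "\\temp\\" in path:
            findings.append(("high", f"service {name} loads its image from a temp file", path))
    if appinit.get("LoadAppInit_Dlls", "0").startswith("1") and appinit.get("AppInit_DLLs"):
        findings.append(("review", "AppInit_DLLs injection point is populated", appinit["AppInit_DLLs"].lower()))
    return findings


# Sample lines excerpted from the log posted above (header, Files Created, Reg Loading Points, Services)
SAMPLE_LOG = r"""
AV: Defender Pro Antivirus *On-access scanning disabled* (Updated) {6C4BB89C-B0ED-4F41-A29C-4373888923BB}
FW: Defender Pro Firewall *disabled* {4055920F-2E99-48A8-A270-4243D2B8F242}
SP: Windows Defender *enabled* (Updated) {D68DDC3A-831F-4FAE-9E44-DA132C1ACF46}
2009-11-06 16:22 . 2009-11-06 16:23 -------- d-----w- c:\users\Escapade\AppData\Local\temp
2009-10-28 19:32 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-21 23:58 . 2009-10-21 23:58 80400 ----a-w- c:\programdata\Kaspersky Lab\AVP9\Data\Updater\Temporary Files\rollback\patch\AutoPatches\kav9exec\9.0.0.459\mzvkbd3.dll
2009-10-15 01:18 . 2009-10-15 01:18 36880 ----a-w- c:\windows\system32\drivers\klbg.sys
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"LoadAppInit_Dlls"=1 (0x1)
"AppInit_DLLs"=c:\progra~1\KASPER~1\KASPER~1\mzvkbd3.dll
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\MEMSWEEP2]
"ImagePath"="\??\c:\windows\system32\EBD9.tmp"
[HKEY_LOCAL_MACHINE\SYSTEM\ControlSet001\Services\msiserver]
"ImagePath"="%systemroot%\system32\msiexec /V"
"""

if __name__ == "__main__":
    for sev, reason, subject in triage(SAMPLE_LOG):
        print(f"[{sev}] {reason}: {subject}")
```

Run against the excerpt, the script lists the two disabled Defender Pro products, the two new .sys files under system32\drivers, the MEMSWEEP2 service loading from EBD9.tmp, and the populated AppInit_DLLs entry (Kaspersky's mzvkbd3.dll, which is legitimate here). The drivers and the AppInit entry are exactly the sort of thing to confirm against the vendor that is supposed to own them; a driver nobody claims is where an Alureon-style infection like the one repaired in this log lives.
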

#12 escapade (Topic Starter)

Posted 06 November 2009 - 01:14 PM

OK, I'll do that, and thank you so much for all of your help and time... I'm very grateful for the time you've dedicated to help me with this problem. I'm going to run it now. One other question: I have all of these programs downloaded from previous posts on this site; should I delete them or keep them? The programs are sar_15_sfx, win32diag, rkill, root repeal, settings.dat, sarscan, attach, dds, superantispyware, atf-cleaner, malwarebytes antimalware, and the comfix.exe.

#13 escapade (Topic Starter)

Posted 06 November 2009 - 01:24 PM

This is the log from the MBAM scan I just performed... :(

Malwarebytes' Anti-Malware 1.41
Database version: 3111
Windows 6.0.6002 Service Pack 2

11/6/2009 1:23:24 PM
mbam-log-2009-11-06 (13-23-24).txt

Scan type: Quick Scan
Objects scanned: 91405
Time elapsed: 7 minute(s), 30 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

#14 m0le (Malware Response Team)

Posted 06 November 2009 - 01:41 PM

You're clean, escapade :(

Some of the tools you should keep:
superantispyware, atf-cleaner, malwarebytes antimalware

Also you should delete these:
win32diag, rkill, root repeal,settings.dat,sarscan (sar_15_sfx), DDS (attach.txt and DDS.txt)

Any others will be removed now.

You're clean. Good stuff! :(

Let's do some clearing up


Uninstall ComboFix

Remove Combofix now that we're done with it.
  • Please press the Windows Key and R on your keyboard. This will bring up the Run... command.
    (For Vista/Windows 7 please click Start -> All Programs -> Accessories -> Run)
  • Now type in Comfix /Uninstall in the runbox and click OK. (Notice the space between "Comfix" and "/")
  • Please follow the prompts to uninstall Combofix.
  • You will then receive a message saying Combofix was uninstalled successfully once it's done uninstalling itself.
This will uninstall Combofix and anything associated with it.


Download and Run OTC

We will now remove the tools we used during this fix using OTC.
  • Download OTC by OldTimer and save it to your desktop.
  • Double click the OTC icon to start the program. If you are using Vista, please right-click and choose Run as administrator.
  • Then click the big button.
  • You will get a prompt saying "Begin Cleanup Process". Please select Yes.
  • Restart your computer when prompted.
------------------------------------------------------------------------------------------------------------------------

Here's some advice on how you can keep your PC clean


Update your AntiVirus Software

It is imperative that you update your Antivirus software at least once a week (even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out. If you use a commercial antivirus program you must make sure you keep renewing your subscription. Otherwise, once your subscription runs out, you may not be able to update the program's virus definitions.


Make sure your applications have all of their updates

It is also possible for other programs on your computer to have security vulnerabilities that can allow malware to infect you. Therefore, it is also a good idea to check for the latest versions of commonly installed applications that are regularly patched to fix vulnerabilities. You can check these by visiting Secunia Software Inspector and Calendar of Updates.


Install an AntiSpyware Program

A highly recommended AntiSpyware program is SuperAntiSpyware. You can download the free Home Version or the Pro version for a 15 day trial period.

Installing this or another recommended program will provide spyware & hijacker protection on your computer alongside your virus protection. You should scan your computer with an AntiSpyware program on a regular basis just as you would an antivirus software.


Finally, here's a treasure trove of antivirus, antimalware and antispyware resources


That's it escapade, happy surfing!

Cheers.

m0le
m0le is a proud member of UNITE

#15 escapade (Topic Starter)

Posted 06 November 2009 - 02:11 PM

It won't take the comfix /uninstall... I followed the directions. Oh my god, thank you soooo much!! I'm so happy to know that my PC is clean at long last :( :( :) :)