Virtumonde/Vundo Trojan? ComboFix Report Included


  • This topic is locked
2 replies to this topic

#1 rainmaker3000

  • Members
  • 2 posts

Posted 20 November 2009 - 11:51 AM

Hello all, I'm new, but I've already gone through the ComboFix report to pinpoint the issue. Still, it's a little mysterious to me... this computer has been getting module/DLL errors left and right, and pop-ups have been randomly tying up the processor and eventually shutting down the system. I've run Spybot prior to using ComboFix, but unfortunately have received the same issues as stated.

I did some research and found that there are these steps to permanently remove the Virtumonde trojan, hxxp://www.fixvirtumondedll.com/, without it replicating itself back into the registry... but I'd like a second option. Here is the log report from ComboFix... thanks to anyone who can assist!

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\recycled\NPROTECT\00000000.DAT
c:\recycled\NPROTECT\00000001.DAT
c:\recycled\NPROTECT\00000002
c:\recycled\NPROTECT\00000003
c:\recycled\NPROTECT\00000004
c:\recycled\NPROTECT\00000005
c:\recycled\NPROTECT\00000006
c:\recycled\NPROTECT\00000007
c:\recycled\NPROTECT\00000008
c:\recycled\NPROTECT\00000009.RDB
c:\recycled\NPROTECT\00000010.DAT
c:\recycled\NPROTECT\00000011
c:\recycled\NPROTECT\00000012
c:\recycled\NPROTECT\00000013
c:\recycled\NPROTECT\00000014
c:\recycled\NPROTECT\00000015
c:\recycled\NPROTECT\00000016.DAT
c:\recycled\NPROTECT\00000017
c:\recycled\NPROTECT\00000018
c:\recycled\NPROTECT\00000019
c:\recycled\NPROTECT\00000020
c:\recycled\NPROTECT\00000021
c:\recycled\NPROTECT\00000022
c:\recycled\NPROTECT\00000023
c:\recycled\NPROTECT\00000024
c:\recycled\NPROTECT\00000025
c:\recycled\NPROTECT\00000026
c:\recycled\NPROTECT\00000027
c:\recycled\NPROTECT\00000028
c:\recycled\NPROTECT\00000029
c:\recycled\NPROTECT\00000030
c:\recycled\NPROTECT\00000031
c:\recycled\NPROTECT\00000032.dat
c:\recycled\NPROTECT\00000033
c:\recycled\NPROTECT\00000034
c:\recycled\NPROTECT\00000035
c:\recycled\NPROTECT\00000036
c:\recycled\NPROTECT\00000037
c:\recycled\NPROTECT\00000038
c:\recycled\NPROTECT\00000039
c:\recycled\NPROTECT\00000040
c:\recycled\NPROTECT\00000041
c:\recycled\NPROTECT\00000042
c:\recycled\NPROTECT\00000043
c:\recycled\NPROTECT\00000044
c:\recycled\NPROTECT\00000045
c:\recycled\NPROTECT\00000046
c:\recycled\NPROTECT\00000047
c:\recycled\NPROTECT\00000048
c:\recycled\NPROTECT\00000049
c:\recycled\NPROTECT\00000050
c:\recycled\NPROTECT\00000051
c:\recycled\NPROTECT\00000052
c:\recycled\NPROTECT\00000053
c:\recycled\NPROTECT\00000054
c:\recycled\NPROTECT\00000055
c:\recycled\NPROTECT\00000056
c:\recycled\NPROTECT\00000057
c:\recycled\NPROTECT\00000058
c:\recycled\NPROTECT\00000059
c:\recycled\NPROTECT\00000060
c:\recycled\NPROTECT\00000061
c:\recycled\NPROTECT\00000062
c:\recycled\NPROTECT\00000063
c:\recycled\NPROTECT\00000064
c:\recycled\NPROTECT\00000065
c:\recycled\NPROTECT\00000066
c:\recycled\NPROTECT\00000067
c:\recycled\NPROTECT\00000068
c:\recycled\NPROTECT\00000069
c:\recycled\NPROTECT\00000070
c:\recycled\NPROTECT\00000071
c:\recycled\NPROTECT\00000072
c:\recycled\NPROTECT\00000073
c:\recycled\NPROTECT\00000074
c:\recycled\NPROTECT\00000075
c:\recycled\NPROTECT\00000076
c:\recycled\NPROTECT\00000077
c:\recycled\NPROTECT\00000078
c:\recycled\NPROTECT\00000079
c:\recycled\NPROTECT\00000080
c:\recycled\NPROTECT\00000081
c:\recycled\NPROTECT\00000082
c:\recycled\NPROTECT\00000083
c:\recycled\NPROTECT\00000084
c:\recycled\NPROTECT\00000085
c:\recycled\NPROTECT\00000086
c:\recycled\NPROTECT\00000087
c:\recycled\NPROTECT\00000088
c:\recycled\NPROTECT\00000089
c:\recycled\NPROTECT\00000090
c:\recycled\NPROTECT\00000091
c:\recycled\NPROTECT\00000092
c:\recycled\NPROTECT\00000093
c:\recycled\NPROTECT\00000094
c:\recycled\NPROTECT\00000095
c:\recycled\NPROTECT\00000096
c:\recycled\NPROTECT\00000097
c:\recycled\NPROTECT\00000098
c:\recycled\NPROTECT\00000099
c:\recycled\NPROTECT\00000100
c:\recycled\NPROTECT\00000101
c:\recycled\NPROTECT\00000102
c:\recycled\NPROTECT\00000103
c:\recycled\NPROTECT\00000104
c:\recycled\NPROTECT\00000105
c:\recycled\NPROTECT\00000106
c:\recycled\NPROTECT\00000107
c:\recycled\NPROTECT\00000108
c:\recycled\NPROTECT\00000109
c:\recycled\NPROTECT\00000110
c:\recycled\NPROTECT\00000111
c:\recycled\NPROTECT\00000112
c:\recycled\NPROTECT\00000113
c:\recycled\NPROTECT\00000114
c:\recycled\NPROTECT\00000115
c:\recycled\NPROTECT\00000116
c:\recycled\NPROTECT\00000117
c:\recycled\NPROTECT\00000118
c:\recycled\NPROTECT\00000119
c:\recycled\NPROTECT\00000120
c:\recycled\NPROTECT\00000121
c:\recycled\NPROTECT\00000122
c:\recycled\NPROTECT\00000123
c:\recycled\NPROTECT\00000124
c:\recycled\NPROTECT\00000125
c:\recycled\NPROTECT\00000126
c:\recycled\NPROTECT\00000127
c:\recycled\NPROTECT\00000128
c:\recycled\NPROTECT\00000129
c:\recycled\NPROTECT\00000130
c:\recycled\NPROTECT\00000131
c:\recycled\NPROTECT\00000132
c:\recycled\NPROTECT\00000133
c:\recycled\NPROTECT\00000134
c:\recycled\NPROTECT\00000135
c:\recycled\NPROTECT\00000136
c:\recycled\NPROTECT\00000137
c:\recycled\NPROTECT\00000138
c:\recycled\NPROTECT\00000139
c:\recycled\NPROTECT\00000140
c:\recycled\NPROTECT\00000141
c:\recycled\NPROTECT\00000142
c:\recycled\NPROTECT\00000143
c:\recycled\NPROTECT\00000144
c:\recycled\NPROTECT\00000145
c:\recycled\NPROTECT\00000146
c:\recycled\NPROTECT\00000147
c:\recycled\NPROTECT\00000148
c:\recycled\NPROTECT\00000149
c:\recycled\NPROTECT\00000150
c:\recycled\NPROTECT\00000151
c:\recycled\NPROTECT\00000152
c:\recycled\NPROTECT\00000153
c:\recycled\NPROTECT\00000154
c:\recycled\NPROTECT\00000155
c:\recycled\NPROTECT\00000156
c:\recycled\NPROTECT\00000157
c:\recycled\NPROTECT\00000158
c:\recycled\NPROTECT\00000159
c:\recycled\NPROTECT\00000160.RDB
c:\recycled\NPROTECT\00000161
c:\recycled\NPROTECT\00000162
c:\recycled\NPROTECT\00000163
c:\recycled\NPROTECT\00000164.dat
c:\recycled\NPROTECT\00000165.DAT
c:\recycled\NPROTECT\00000166
c:\recycled\NPROTECT\00000167
c:\recycled\NPROTECT\00000168
c:\recycled\NPROTECT\00000169
c:\recycled\NPROTECT\00000170
c:\recycled\NPROTECT\00000171
c:\recycled\NPROTECT\00000172
c:\recycled\NPROTECT\00000173
c:\recycled\NPROTECT\00000174.DAT
c:\recycled\NPROTECT\00000175
c:\recycled\NPROTECT\00000176.bat
c:\recycled\NPROTECT\00000177
c:\recycled\NPROTECT\00000178
c:\recycled\NPROTECT\00000179
c:\recycled\NPROTECT\00000180
c:\recycled\NPROTECT\00000181
c:\recycled\NPROTECT\00000182
c:\recycled\NPROTECT\00000183
c:\recycled\NPROTECT\00000184
c:\recycled\NPROTECT\00000185
c:\recycled\NPROTECT\00000186
c:\recycled\NPROTECT\00000187
c:\recycled\NPROTECT\00000188
c:\recycled\NPROTECT\00000189
c:\recycled\NPROTECT\00000190
c:\recycled\NPROTECT\00000191
c:\recycled\NPROTECT\00000192
c:\recycled\NPROTECT\00000193
c:\recycled\NPROTECT\00000194
c:\recycled\NPROTECT\00000195
c:\recycled\NPROTECT\00000196
c:\recycled\NPROTECT\00000197
c:\recycled\NPROTECT\00000198
c:\recycled\NPROTECT\00000199
c:\recycled\NPROTECT\00000200
c:\recycled\NPROTECT\00000201
c:\recycled\NPROTECT\00000202
c:\recycled\NPROTECT\00000203
c:\recycled\NPROTECT\00000204
c:\recycled\NPROTECT\00000205
c:\recycled\NPROTECT\00000206
c:\recycled\NPROTECT\00000207
c:\recycled\NPROTECT\00000208
c:\recycled\NPROTECT\00000209
c:\recycled\NPROTECT\00000210
c:\recycled\NPROTECT\00000211
c:\recycled\NPROTECT\00000212
c:\recycled\NPROTECT\00000213
c:\recycled\NPROTECT\00000214
c:\recycled\NPROTECT\00000215
c:\recycled\NPROTECT\00000216
c:\recycled\NPROTECT\00000217
c:\recycled\NPROTECT\00000218
c:\recycled\NPROTECT\00000219
c:\recycled\NPROTECT\00000220
c:\recycled\NPROTECT\00000221
c:\recycled\NPROTECT\00000222
c:\recycled\NPROTECT\00000223
c:\recycled\NPROTECT\00000224
c:\recycled\NPROTECT\00000225
c:\recycled\NPROTECT\00000226
c:\recycled\NPROTECT\00000227
c:\recycled\NPROTECT\00000228
c:\recycled\NPROTECT\00000229
c:\recycled\NPROTECT\00000230
c:\recycled\NPROTECT\00000231
c:\recycled\NPROTECT\00000232
c:\recycled\NPROTECT\00000233
c:\recycled\NPROTECT\00000234.DAT
c:\recycled\NPROTECT\00000235
c:\recycled\NPROTECT\00000236.bad
c:\recycled\NPROTECT\00000237
c:\recycled\NPROTECT\00000238
c:\recycled\NPROTECT\00000239
c:\recycled\NPROTECT\00000240
c:\recycled\NPROTECT\00000241
c:\recycled\NPROTECT\00000242.RDB
c:\recycled\NPROTECT\00000243.md5
c:\recycled\NPROTECT . . . . failed to delete
c:\recycled\NPROTECT\NPROTECT.LOG . . . . failed to delete

c:\windows\system32\qmgr.dll . . . is infected!!

.
((((((((((((((((((((((((( Files Created from 2009-10-20 to 2009-11-20 )))))))))))))))))))))))))))))))
.

2009-11-20 01:11 . 2007-03-09 06:02 75512 ----a-w- c:\windows\zllsputility.exe
2009-11-19 13:39 . 2009-11-19 13:39 -------- d-s---w- c:\documents and settings\Dad\UserData
2009-11-18 03:01 . 2009-11-18 03:01 -------- d-----w- c:\windows\system32\wbem\Repository
2009-11-14 15:21 . 2009-11-14 15:22 -------- d-----w- c:\documents and settings\All Users\Application Data\McAfee
2009-11-11 04:01 . 2009-11-11 04:01 -------- d-----w- c:\documents and settings\All Users\Application Data\Nexon
2009-11-11 03:50 . 2004-07-09 09:26 47104 ----a-w- c:\windows\system32\wstdecod.dll
2009-11-11 03:47 . 2009-11-11 03:47 -------- d-----w- c:\windows\Logs
2009-10-31 15:34 . 2009-10-31 15:34 -------- d-----w- c:\program files\Common Files\muvee Technologies
2009-10-31 15:34 . 2009-10-31 15:34 -------- d-----w- c:\program files\muvee Technologies
2009-10-31 15:33 . 2009-10-31 15:33 -------- d-----w- c:\documents and settings\All Users\Application Data\muvee Technologies
2009-10-30 16:29 . 2009-10-30 16:29 -------- d-----w- c:\documents and settings\Dad\Application Data\Neople\Launcher\DFO
2009-10-30 16:11 . 2009-10-30 16:11 -------- d-----w- C:\Nexon
2009-10-30 16:11 . 2009-11-10 22:56 90112 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
2009-10-30 16:11 . 2009-11-10 22:56 118784 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\nxgameus.dll
2009-10-30 16:11 . 2009-11-10 22:56 393216 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMResource.dll
2009-10-30 16:11 . 2009-11-10 22:56 258352 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\unicows.dll
2009-10-30 16:11 . 2009-11-10 22:56 561152 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGMDll.dll
2009-10-30 16:11 . 2009-11-10 22:56 167936 ----a-w- c:\documents and settings\All Users\Application Data\NexonUS\NGM\NGM.exe
2009-10-30 16:10 . 2009-10-30 16:11 -------- d-----w- c:\documents and settings\All Users\Application Data\NexonUS
2009-10-22 00:56 . 2009-10-22 00:56 -------- d-----w- c:\documents and settings\Micah\Local Settings\Application Data\PMB Files
2009-10-22 00:43 . 2009-10-22 00:43 -------- d-----w- c:\documents and settings\Dad\Local Settings\Application Data\PMB Files
2009-10-22 00:43 . 2009-10-22 00:43 -------- d-----w- c:\documents and settings\All Users\Application Data\PMB Files
2009-10-22 00:42 . 2009-10-22 00:42 -------- d-----w- c:\program files\Pando Networks

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-20 01:12 . 2007-09-23 23:45 4212 ---h--w- c:\windows\system32\zllictbl.dat
2009-11-20 01:10 . 2009-11-20 01:10 -------- d-----w- c:\program files\Zone Labs
2009-10-05 17:00 . 2008-08-12 18:43 129520 ----a-w- c:\documents and settings\Micah\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-29 16:23 . 2009-09-29 16:23 -------- d-----w- c:\program files\zabkat
2009-09-27 17:02 . 2007-10-02 18:35 129520 ----a-w- c:\documents and settings\Dad\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-09-26 22:39 . 2009-09-26 22:39 -------- d-----w- c:\program files\SoftStuff
2009-09-15 11:59 . 2009-07-26 17:33 1279968 ----a-w- c:\windows\system32\aswBoot.exe
2009-09-15 11:56 . 2009-07-26 17:34 93424 ----a-w- c:\windows\system32\drivers\aswmon.sys
2009-09-15 11:56 . 2009-07-26 17:34 94160 ----a-w- c:\windows\system32\drivers\aswmon2.sys
2009-09-15 11:55 . 2009-07-26 17:34 114768 ----a-w- c:\windows\system32\drivers\aswSP.sys
2009-09-15 11:54 . 2009-07-26 17:34 52368 ----a-w- c:\windows\system32\drivers\aswTdi.sys
2009-09-15 11:54 . 2009-07-26 17:34 23152 ----a-w- c:\windows\system32\drivers\aswRdr.sys
2009-09-15 11:53 . 2009-07-26 17:34 27408 ----a-w- c:\windows\system32\drivers\aavmker4.sys
2009-09-15 11:53 . 2009-07-26 17:34 97480 ----a-w- c:\windows\system32\AvastSS.scr
2009-09-04 22:44 . 2009-11-11 03:53 515416 ----a-w- c:\windows\system32\XAudio2_5.dll
2009-09-04 22:44 . 2009-11-11 03:53 238936 ----a-w- c:\windows\system32\xactengine3_5.dll
2009-09-04 22:44 . 2009-11-11 03:53 69464 ----a-w- c:\windows\system32\XAPOFX1_3.dll
2009-09-04 22:29 . 2009-11-11 03:53 453456 ----a-w- c:\windows\system32\d3dx10_42.dll
2009-09-04 22:29 . 2009-11-11 03:53 235344 ----a-w- c:\windows\system32\d3dx11_42.dll
2009-09-04 22:29 . 2009-11-11 03:53 1974616 ----a-w- c:\windows\system32\D3DCompiler_42.dll
2009-09-04 22:29 . 2009-11-11 03:53 5501792 ----a-w- c:\windows\system32\d3dcsx_42.dll
2009-09-04 22:29 . 2009-11-11 03:53 1892184 ----a-w- c:\windows\system32\D3DX9_42.dll
2007-09-20 03:29 . 2007-09-20 03:29 11079 ---h--w- c:\program files\folder.htt
1998-12-09 03:53 . 1998-12-09 03:53 99840 ----a-w- c:\program files\Common Files\IRAABOUT.DLL
1998-12-09 03:53 . 1998-12-09 03:53 70144 ----a-w- c:\program files\Common Files\IRAMDMTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 48640 ----a-w- c:\program files\Common Files\IRALPTTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 31744 ----a-w- c:\program files\Common Files\IRAWEBTR.DLL
1998-12-09 03:53 . 1998-12-09 03:53 186368 ----a-w- c:\program files\Common Files\IRAREG.DLL
1998-12-09 03:53 . 1998-12-09 03:53 17920 ----a-w- c:\program files\Common Files\IRASRIAL.DLL
.

((((((((((((((((((((((((((((( SnapShot@2009-11-20_00.20.42 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-20 02:52 . 2009-11-20 02:52 16384 c:\windows\TEMP\Perflib_Perfdata_7ac.dat
+ 2009-11-20 01:15 . 2009-11-20 01:15 16384 c:\windows\TEMP\Perflib_Perfdata_614.dat
+ 2009-11-20 02:52 . 2009-11-20 02:52 16384 c:\windows\TEMP\Perflib_Perfdata_5f4.dat
- 2007-09-23 23:45 . 2007-03-09 06:01 79608 c:\windows\SYSTEM32\ZoneLabs\zlquarantine.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 79608 c:\windows\SYSTEM32\ZoneLabs\zlquarantine.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 75568 c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
+ 2009-11-20 01:10 . 2007-03-09 06:01 75568 c:\windows\SYSTEM32\ZoneLabs\vsmon.exe
- 2007-09-23 23:44 . 2007-03-09 06:01 79600 c:\windows\SYSTEM32\ZoneLabs\vsdb.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 79600 c:\windows\SYSTEM32\ZoneLabs\vsdb.dll
+ 2009-11-20 01:11 . 2007-01-18 11:39 50416 c:\windows\SYSTEM32\ZoneLabs\srescan.sys
- 2007-09-23 23:45 . 2007-01-18 11:39 50416 c:\windows\SYSTEM32\ZoneLabs\srescan.sys
+ 2009-11-20 01:10 . 2007-03-09 06:04 30480 c:\windows\SYSTEM32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
- 2007-09-23 23:45 . 2007-03-09 06:04 30480 c:\windows\SYSTEM32\ZoneLabs\plugins\vsmon_plugin\vsmon_plugin.dll
- 2007-09-23 23:45 . 2007-03-09 06:04 30448 c:\windows\SYSTEM32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2009-11-20 01:10 . 2007-03-09 06:04 30448 c:\windows\SYSTEM32\ZoneLabs\plugins\rpc_server\rpc_server.dll
+ 2009-11-20 01:10 . 2007-03-09 06:02 71320 c:\windows\SYSTEM32\ZoneLabs\lib\zui.zip.dll
- 2007-09-23 23:45 . 2007-03-09 06:02 71320 c:\windows\SYSTEM32\ZoneLabs\lib\zui.zip.dll
+ 2009-11-20 01:10 . 2007-03-09 06:02 26264 c:\windows\SYSTEM32\ZoneLabs\lib\zlsvc.zip.dll
- 2007-09-23 23:45 . 2007-03-09 06:02 26264 c:\windows\SYSTEM32\ZoneLabs\lib\zlsvc.zip.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 38640 c:\windows\SYSTEM32\ZoneLabs\featuremap.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 38640 c:\windows\SYSTEM32\ZoneLabs\featuremap.dll
+ 2009-11-20 01:10 . 2006-12-20 00:13 94313 c:\windows\SYSTEM32\ZoneLabs\avsys\ScanningProcess.exe
- 2007-09-23 23:45 . 2006-12-20 00:13 94313 c:\windows\SYSTEM32\ZoneLabs\avsys\ScanningProcess.exe
+ 2009-11-20 01:10 . 2006-12-20 00:13 69785 c:\windows\SYSTEM32\ZoneLabs\avsys\Monitor.exe
- 2007-09-23 23:45 . 2006-12-20 00:13 69785 c:\windows\SYSTEM32\ZoneLabs\avsys\Monitor.exe
- 2007-09-23 23:45 . 2006-12-20 00:13 12288 c:\windows\SYSTEM32\ZoneLabs\avsys\kl1.sys
+ 2009-11-20 01:11 . 2006-12-20 00:13 12288 c:\windows\SYSTEM32\ZoneLabs\avsys\kl1.sys
- 2007-09-23 23:45 . 2006-11-30 04:02 36923 c:\windows\SYSTEM32\ZoneLabs\avsys\FSSync.dll
+ 2009-11-20 01:10 . 2006-11-30 04:02 36923 c:\windows\SYSTEM32\ZoneLabs\avsys\FSSync.dll
- 2007-09-23 23:45 . 2006-12-20 00:13 61565 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHComm.dll
+ 2009-11-20 01:11 . 2006-12-20 00:13 61565 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHComm.dll
- 2007-09-23 23:45 . 2006-12-20 00:13 19088 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\klstm.sys
+ 2009-11-20 01:11 . 2006-12-20 00:13 19088 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\klstm.sys
- 2007-09-23 23:45 . 2006-12-20 00:13 51344 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\klfw.sys
+ 2009-11-20 01:11 . 2006-12-20 00:13 51344 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\klfw.sys
- 2007-09-23 23:45 . 2006-12-20 00:13 19600 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\klcr.sys
+ 2009-11-20 01:11 . 2006-12-20 00:13 19600 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\klcr.sys
+ 2009-11-20 01:11 . 2006-12-20 00:13 77456 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\ids0015d.sys
- 2007-09-23 23:45 . 2006-12-20 00:13 77456 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\ids0015d.sys
- 2007-09-23 23:45 . 2006-06-30 20:47 57804 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\ids000ee.sys
+ 2009-11-20 01:11 . 2006-06-30 20:47 57804 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\ids000ee.sys
- 2007-09-23 23:45 . 2006-06-30 20:47 62604 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\ids0005c.sys
+ 2009-11-20 01:11 . 2006-06-30 20:47 62604 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\ids0005c.sys
+ 2009-11-20 01:10 . 2006-06-30 20:47 21568 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\avcmhk4.dll
- 2007-09-23 23:45 . 2006-06-30 20:47 21568 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\avcmhk4.dll
+ 2009-11-20 01:10 . 2006-06-30 20:47 20544 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\avcmhk.dll
- 2007-09-23 23:45 . 2006-06-30 20:47 20544 c:\windows\SYSTEM32\ZoneLabs\avsys\bases\avcmhk.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 71408 c:\windows\SYSTEM32\zlcommdb.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 71408 c:\windows\SYSTEM32\zlcommdb.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 83696 c:\windows\SYSTEM32\zlcomm.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 83696 c:\windows\SYSTEM32\zlcomm.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 46832 c:\windows\SYSTEM32\vswmi.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 46832 c:\windows\SYSTEM32\vswmi.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 71408 c:\windows\SYSTEM32\vsregexp.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 71408 c:\windows\SYSTEM32\vsregexp.dll
- 2007-09-23 23:44 . 2007-03-09 06:01 83696 c:\windows\SYSTEM32\vsdata.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 83696 c:\windows\SYSTEM32\vsdata.dll
+ 2009-11-20 00:50 . 2009-11-20 01:04 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
- 2007-09-20 03:53 . 2009-11-19 15:27 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-09-20 03:53 . 2009-11-20 01:04 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-09-20 03:53 . 2009-11-19 15:27 32768 c:\windows\SYSTEM32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-11-20 00:50 . 2009-11-20 01:04 16384 c:\windows\SYSTEM32\config\systemprofile\Cookies\index.dat
+ 2009-11-20 01:10 . 2007-03-09 06:01 120560 c:\windows\SYSTEM32\ZoneLabs\zlupdate.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 120560 c:\windows\SYSTEM32\ZoneLabs\zlupdate.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 378608 c:\windows\SYSTEM32\ZoneLabs\zlsre.dll
+ 2009-11-20 01:11 . 2007-03-09 06:01 378608 c:\windows\SYSTEM32\ZoneLabs\zlsre.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 177904 c:\windows\SYSTEM32\ZoneLabs\zlparser.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 177904 c:\windows\SYSTEM32\ZoneLabs\zlparser.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 243440 c:\windows\SYSTEM32\ZoneLabs\vsvault.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 243440 c:\windows\SYSTEM32\ZoneLabs\vsvault.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 108272 c:\windows\SYSTEM32\ZoneLabs\vsavpro.dll
- 2007-09-23 23:44 . 2007-03-09 06:01 108272 c:\windows\SYSTEM32\ZoneLabs\vsavpro.dll
- 2007-09-23 23:45 . 2007-01-11 23:31 286787 c:\windows\SYSTEM32\ZoneLabs\updtrsdk.dll
+ 2009-11-20 01:11 . 2007-01-11 23:31 286787 c:\windows\SYSTEM32\ZoneLabs\updtrsdk.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 141104 c:\windows\SYSTEM32\ZoneLabs\updclient.exe
+ 2009-11-20 01:11 . 2007-03-09 06:01 141104 c:\windows\SYSTEM32\ZoneLabs\updclient.exe
+ 2009-11-20 01:10 . 2006-10-28 09:03 833520 c:\windows\SYSTEM32\ZoneLabs\updating.dll
- 2007-09-23 23:45 . 2006-10-28 09:03 833520 c:\windows\SYSTEM32\ZoneLabs\updating.dll
- 2007-09-23 23:45 . 2006-09-05 02:59 503875 c:\windows\SYSTEM32\ZoneLabs\upd_core.dll
+ 2009-11-20 01:11 . 2006-09-05 02:59 503875 c:\windows\SYSTEM32\ZoneLabs\upd_core.dll
- 2007-09-23 23:45 . 2007-03-09 06:04 210696 c:\windows\SYSTEM32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
+ 2009-11-20 01:11 . 2007-03-09 06:04 210696 c:\windows\SYSTEM32\ZoneLabs\streamapi\httpblocker\httpblocker.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 456432 c:\windows\SYSTEM32\ZoneLabs\ssleay32.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 456432 c:\windows\SYSTEM32\ZoneLabs\ssleay32.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 173808 c:\windows\SYSTEM32\ZoneLabs\scheduler.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 173808 c:\windows\SYSTEM32\ZoneLabs\scheduler.dll
+ 2009-11-20 01:11 . 2007-01-18 11:39 677608 c:\windows\SYSTEM32\ZoneLabs\qrsrecl.dll
- 2007-09-23 23:45 . 2007-01-18 11:39 677608 c:\windows\SYSTEM32\ZoneLabs\qrsrecl.dll
+ 2009-11-20 01:10 . 2007-01-18 11:39 714472 c:\windows\SYSTEM32\ZoneLabs\qrbase.dll
- 2007-09-23 23:45 . 2007-01-18 11:39 714472 c:\windows\SYSTEM32\ZoneLabs\qrbase.dll
- 2007-09-23 23:45 . 2007-03-09 06:02 153240 c:\windows\SYSTEM32\ZoneLabs\lib\licenseui.zip.dll
+ 2009-11-20 01:10 . 2007-03-09 06:02 153240 c:\windows\SYSTEM32\ZoneLabs\lib\licenseui.zip.dll
- 2007-09-23 23:45 . 2007-03-09 06:02 288408 c:\windows\SYSTEM32\ZoneLabs\lib\ConfigWizard.zip.dll
+ 2009-11-20 01:10 . 2007-03-09 06:02 288408 c:\windows\SYSTEM32\ZoneLabs\lib\ConfigWizard.zip.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 321280 c:\windows\SYSTEM32\ZoneLabs\imsecure.dll
+ 2009-11-20 01:11 . 2007-03-09 06:01 321280 c:\windows\SYSTEM32\ZoneLabs\imsecure.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 128744 c:\windows\SYSTEM32\ZoneLabs\fbl.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 128744 c:\windows\SYSTEM32\ZoneLabs\fbl.dll
+ 2009-11-20 01:11 . 2004-01-30 18:35 813568 c:\windows\SYSTEM32\ZoneLabs\dbghelp.dll
- 2007-09-23 23:45 . 2004-01-30 18:35 813568 c:\windows\SYSTEM32\ZoneLabs\dbghelp.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 100080 c:\windows\SYSTEM32\ZoneLabs\camupd.dll
+ 2009-11-20 01:11 . 2007-03-09 06:01 100080 c:\windows\SYSTEM32\ZoneLabs\camupd.dll
- 2007-09-23 23:45 . 2006-12-20 00:13 200704 c:\windows\SYSTEM32\ZoneLabs\avsys\ssleay32.dll
+ 2009-11-20 01:11 . 2006-12-20 00:13 200704 c:\windows\SYSTEM32\ZoneLabs\avsys\ssleay32.dll
- 2007-09-23 23:45 . 2006-11-30 04:02 184445 c:\windows\SYSTEM32\ZoneLabs\avsys\prloader.dll
+ 2009-11-20 01:10 . 2006-11-30 04:02 184445 c:\windows\SYSTEM32\ZoneLabs\avsys\prloader.dll
- 2007-09-23 23:45 . 2006-11-30 04:02 174864 c:\windows\SYSTEM32\ZoneLabs\avsys\klif.sys
+ 2009-11-20 01:10 . 2006-11-30 04:02 174864 c:\windows\SYSTEM32\ZoneLabs\avsys\klif.sys
+ 2009-11-20 01:10 . 2007-01-11 23:31 274514 c:\windows\SYSTEM32\ZoneLabs\avsys\kave.dll
- 2007-09-23 23:45 . 2007-01-11 23:31 274514 c:\windows\SYSTEM32\ZoneLabs\avsys\kave.dll
+ 2009-11-20 01:10 . 2006-09-20 05:12 208960 c:\windows\SYSTEM32\ZoneLabs\avsys\inv.dll
- 2007-09-23 23:45 . 2006-09-20 05:12 208960 c:\windows\SYSTEM32\ZoneLabs\avsys\inv.dll
+ 2009-11-20 01:11 . 2006-12-20 00:13 307323 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHUM.dll
- 2007-09-23 23:45 . 2006-12-20 00:13 307323 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHUM.dll
+ 2009-11-20 01:11 . 2006-12-20 00:13 114813 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHrule.dll
- 2007-09-23 23:45 . 2006-12-20 00:13 114813 c:\windows\SYSTEM32\ZoneLabs\avsys\CKAHrule.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 362280 c:\windows\SYSTEM32\ZoneLabs\av.dll
+ 2009-11-20 01:11 . 2007-03-09 06:01 362280 c:\windows\SYSTEM32\ZoneLabs\av.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 100080 c:\windows\SYSTEM32\vsxml.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 100080 c:\windows\SYSTEM32\vsxml.dll
- 2007-09-23 23:44 . 2007-03-09 06:01 472816 c:\windows\SYSTEM32\vsutil.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 472816 c:\windows\SYSTEM32\vsutil.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 276208 c:\windows\SYSTEM32\vspubapi.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 276208 c:\windows\SYSTEM32\vspubapi.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 104176 c:\windows\SYSTEM32\vsmonapi.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 104176 c:\windows\SYSTEM32\vsmonapi.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 157424 c:\windows\SYSTEM32\vsinit.dll
- 2007-09-23 23:44 . 2007-03-09 06:01 157424 c:\windows\SYSTEM32\vsinit.dll
- 2007-09-23 23:45 . 2007-03-09 06:02 394192 c:\windows\SYSTEM32\vsdatant.sys
+ 2009-11-20 01:10 . 2007-03-09 06:02 394192 c:\windows\SYSTEM32\vsdatant.sys
+ 2009-11-20 01:10 . 2007-03-09 06:01 796312 c:\windows\SYSTEM32\libeay32_0.9.6l.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 796312 c:\windows\SYSTEM32\libeay32_0.9.6l.dll
- 2009-07-26 17:32 . 2009-11-19 23:01 262144 c:\windows\SYSTEM32\config\systemprofile\NtUser.dat
+ 2009-07-26 17:32 . 2009-11-20 01:24 262144 c:\windows\SYSTEM32\config\systemprofile\NtUser.dat
- 2007-09-23 23:45 . 2007-03-09 06:01 1087216 c:\windows\SYSTEM32\zpeng24.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 1087216 c:\windows\SYSTEM32\zpeng24.dll
+ 2009-11-20 01:11 . 2007-01-11 17:12 2432259 c:\windows\SYSTEM32\ZoneLabs\zlasdbup.dat
- 2007-09-23 23:45 . 2007-01-11 17:12 2432259 c:\windows\SYSTEM32\ZoneLabs\zlasdbup.dat
+ 2009-11-20 01:10 . 2007-03-09 06:01 1345264 c:\windows\SYSTEM32\ZoneLabs\vsruledb.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 1345264 c:\windows\SYSTEM32\ZoneLabs\vsruledb.dll
+ 2009-11-20 01:10 . 2007-03-09 06:01 2025200 c:\windows\SYSTEM32\ZoneLabs\vsmondll.dll
- 2007-09-23 23:45 . 2007-03-09 06:01 2025200 c:\windows\SYSTEM32\ZoneLabs\vsmondll.dll
- 2007-09-23 23:45 . 2007-03-09 06:04 3229440 c:\windows\SYSTEM32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2009-11-20 01:11 . 2007-03-09 06:04 3229440 c:\windows\SYSTEM32\ZoneLabs\streamapi\imslsp\imslsp.dll
+ 2009-11-20 01:11 . 2007-01-18 11:39 1369832 c:\windows\SYSTEM32\ZoneLabs\srescan.dll
- 2007-09-23 23:45 . 2007-01-18 11:39 1369832 c:\windows\SYSTEM32\ZoneLabs\srescan.dll
- 2007-09-23 23:45 . 2007-01-11 17:12 2432259 c:\windows\SYSTEM32\ZoneLabs\spyware.dat
+ 2009-11-20 01:11 . 2007-01-11 17:12 2432259 c:\windows\SYSTEM32\ZoneLabs\spyware.dat
- 2007-09-23 23:45 . 2007-03-09 06:02 1361560 c:\windows\SYSTEM32\ZoneLabs\lib\zpy.zip.dll
+ 2009-11-20 01:10 . 2007-03-09 06:02 1361560 c:\windows\SYSTEM32\ZoneLabs\lib\zpy.zip.dll
- 2007-09-23 23:45 . 2006-12-20 00:13 1093632 c:\windows\SYSTEM32\ZoneLabs\avsys\libeay32.dll
+ 2009-11-20 01:11 . 2006-12-20 00:13 1093632 c:\windows\SYSTEM32\ZoneLabs\avsys\libeay32.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shelliconoverlayidentifiers\SlowFile Icon Overlay]
@="{7D688A77-C613-11D0-999B-00C04FD655E1}"
[HKEY_CLASSES_ROOT\CLSID\{7D688A77-C613-11D0-999B-00C04FD655E1}]
2001-08-23 17:00 8322560 ----a-w- c:\windows\SYSTEM32\shell32.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Pando Media Booster"="c:\program files\Pando Networks\Media Booster\PMB.exe" [2009-10-22 2923192]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvCplDaemon"="c:\windows\System32\NvCpl.dll" [2006-07-25 7311360]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2006-10-28 107112]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"NSWosCheck"="c:\program files\Norton SystemWorks\osCheck.exe" [2007-12-03 25472]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-06-28 185896]
"avast!"="c:\progra~1\ALWILS~1\Avast4\ashDisp.exe" [2009-09-15 81000]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2007-03-09 919280]

c:\documents and settings\All Users\Start Menu\Programs\Startup
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-3-3 789008]
Garden Planner Tray Application.lnk - g:\sierra\GPlan\caltray.exe [2009-2-7 32768]
SoftStuff Wallpaper Changer.lnk - c:\program files\SoftStuff\softstrt.exe [2009-9-26 180736]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-01-09 17:30 72208 ----a-w- c:\program files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\WBSrv]
2008-04-30 02:58 210168 ----a-w- c:\program files\Stardock\Object Desktop\WindowBlinds\WbSrv.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\setup\disabledrunkeys]
"LoadPowerProfile"=Rundll32.exe powrprof.dll,LoadCurrentPwrScheme

R1 aswSP;avast! Self Protection;c:\windows\SYSTEM32\DRIVERS\aswSP.sys [7/26/2009 12:34 PM 114768]
R2 BT848;AVerMedia AVerTV WDM Video Capture (878);c:\windows\SYSTEM32\DRIVERS\Bt848.sys [9/22/2007 9:56 PM 152064]
R2 NProtectService;Norton UnErase Protection;c:\progra~1\NORTON~1\NORTON~1\NPROTECT.EXE [11/3/2005 11:08 PM 95832]
R2 SgtSch2Svc;Seagate Scheduler2 Service;c:\program files\Common Files\Seagate\Schedule2\schedul2.exe [6/24/2008 7:56 PM 431384]
S3 acfva;acfva;c:\windows\SYSTEM32\DRIVERS\acfva.sys [12/8/2007 11:47 AM 72064]
S3 ati2mpaa;ati2mpaa;c:\windows\SYSTEM32\DRIVERS\ati2mpaa.sys [9/19/2007 10:44 PM 281856]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
hpdevmgmt REG_MULTI_SZ hpqcxs08 hpqddsvc
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Norton SystemWorks One Button Checkup.job
- c:\program files\Norton SystemWorks\OBC.exe [2009-08-02 06:41]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.windstream.net/
mLocal Page = c:\windows\SYSTEM\blank.htm
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Save Flash - c:\program files\UnH Solutions\Flash Saving Plugin\FlashSButton.dll/210
TCP: {262015EE-7018-4ECE-8C87-C07C9D010D10} = 83.149.115.182
DPF: DirectAnimation Java Classes - file://c:\windows\SYSTEM\dajava.cab
DPF: Internet Explorer Classes for Java - file://c:\windows\SYSTEM\iejava.cab
DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso4.cab
FF - ProfilePath - c:\documents and settings\Dad\Application Data\Mozilla\Firefox\Profiles\zsudhkcs.default
FF - prefs.js: browser.startup.homepage - file:///D:/Google/index.htm
FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll
FF - plugin: c:\program files\Mozilla Firefox\plugins\npPandoWebInst.dll

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.ssl3.rsa_seed_sha", true);
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-19 22:00
Windows 5.1.2600 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(660)
c:windowssystem32ODBC32.dll
c:program filescommon fileslogishrdbluetoothLBTWlgn.dll
c:program filescommon fileslogishrdbluetoothLBTServ.dll
c:program filesStardockObject DesktopWindowBlindswbsrv.dll

- - - - - - - > 'lsass.exe'(724)
c:windowssystem32relog_ap.dll
c:windowssystem32MSVCIRT.dll
c:windowsSystem32dssenh.dll

- - - - - - - > 'explorer.exe'(5204)
c:windowsSystem32ODBC32.dll
c:program filesLogitechSetPointlgscroll.dll
c:program filesStardockObject DesktopWindowBlindstray.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSvcHst.exe
c:\program files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
c:\program files\Lavasoft\Ad-Aware\aawservice.exe
c:\program files\Alwil Software\Avast4\aswUpdSv.exe
c:\program files\Alwil Software\Avast4\ashServ.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\windows\System32\CTsvcCDA.EXE
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\Motive\McciCMService.exe
c:\program files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
c:\windows\System32\nvsvc32.exe
c:\progra~1\NORTON~1\NORTON~1\SPEEDD~1\NOPDB.EXE
c:\windows\System32\wdfmgr.exe
c:\program files\Alwil Software\Avast4\ashWebSv.exe
c:\program files\Alwil Software\Avast4\ashMaiSv.exe
c:\program files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
.
**************************************************************************
.
Completion time: 2009-11-19 22:04 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-20 03:04
ComboFix2.txt 2009-11-20 00:28

Pre-Run: 17,501,093,888 bytes free
Post-Run: 17,629,904,896 bytes free

- - End Of File - - 660D3496D7B2CB5AF2AF720E6695A934

..Sorry, I meant a 'second OPINION' :(

Merged posts. ~ OB

Edited by Orange Blossom, 21 November 2009 - 08:07 PM.
Deactivate link. ~ OB



#2 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:12 AM

Posted 27 November 2009 - 08:28 PM

Hi,

Welcome to Bleeping Computer. My name is m0le and I will be helping you with your log.
  • Please subscribe to this topic, if you haven't already. You can subscribe by clicking the Options box to the right of your topic title and selecting Track This Topic.

  • Please avoid installing/uninstalling or updating any programs and attempting any unsupervised fixes or scans. This can make helping you impossible.

  • Please reply to this post so I know you are there.
The forum is busy and we need to have replies as soon as possible. If I haven't had a reply after 3 days I will bump the topic and if you do not reply by the following day after that then I will close the topic.

----------------------------------------------

Firstly,

the link to the Vundo repair is out of date. It uses a tool called Vundofix which is no longer updated and so has become obsolete.


Secondly,

You should not run ComboFix unless you are specifically asked to by a helper. Also, due to the power of this tool it is strongly advised that you do not attempt to act upon any of the information displayed by ComboFix without supervision from someone who has been properly trained. If you do so, it may lead to problems with the normal functionality of your computer.


Finally, please run DDS and RootRepeal so I can take a look at the PC
  • Download DDS by sUBs from one of the following links. Save it to your desktop.
  • Double click on the DDS icon, allow it to run.
  • A small box will open, with an explanation about the tool. No input is needed, the scan is running.
  • Notepad will open with the results.
  • Follow the instructions that pop up for posting the results.
  • Close the program window, and delete the program from your desktop.
Please note: You may have to disable any script protection running if the scan fails to run. After downloading the tool, disconnect from the internet and disable all antivirus protection. Run the scan, enable your A/V and reconnect to the internet.

Information on A/V control HERE


And

We need to check for Rootkits with RootRepeal
  • Download RootRepeal from the following location and save it to your desktop.

    First Location
    Second Location
    Third Location

  • Open RootRepeal on your desktop.
  • Click the [image] tab.
  • Click the [image] button.
  • Check all seven boxes: [image]
  • Push Ok
  • Check the box for your main system drive (Usually C:), and press Ok.
  • Allow RootRepeal to run a scan of your system. This may take some time.
  • Once the scan completes, push the [image] button. Save the log to your desktop, using a distinctive name, such as RootRepeal.txt. Include this report in your next reply, please.

m0le is a proud member of UNITE

#3 m0le

m0le

    Can U Dig It?


  • Malware Response Team
  • 34,527 posts
  • OFFLINE
  • Gender:Male
  • Location:London, UK
  • Local time:07:12 AM

Posted 05 December 2009 - 07:14 AM

Since this issue appears to be resolved ... this topic has been closed. Glad we could help. :(

If you're the topic starter, and need this topic reopened, please contact me via pm with the address of the thread.

Everyone else please begin a New Topic.
m0le is a proud member of UNITE
