Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

already started scanning please help


  • This topic is locked This topic is locked
5 replies to this topic

#1 celabella

celabella

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 02 June 2011 - 11:43 AM

HI everyone,
just wanted to see if i can get some help.
My computer has been runing fine for 3 years but just recently i've seen that its acting slow and my background picture became blue and when i logged off or shutdown i would see my background picture. So i automatically figured it was some sort of malware, spyware or something.
i downloaded and ran the malwarebytes and it found some objects and i just went and click fix then did a antivirus scan and nothing was found. so i came across combo fix and ran it...after reading this post i guess i wasn't suppose to do it until instructed to do so. oops, sorry! here's the combofix log that i got. any help would be much appreciated.

ComboFix 11-06-01.04 - Administrator 06/01/2011 19:57:50.1.1 - x86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.510.168 [GMT -4:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
AV: Kaspersky Internet Security *Disabled/Updated* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
AV: Microsoft Security Essentials *Disabled/Updated* {BCF43643-A118-4432-AEDE-D861FCBCFCDF}
FW: Kaspersky Internet Security *Disabled* {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
c:\documents and settings\Administrator\Application Data\Local
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\0.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\1.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\2.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Inception_Trailer_592.divx.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\open.php(2).ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\open.php.ddr
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\settings.ddi
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(10).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(11).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(12).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(13).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(14).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(15).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(16).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(17).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(18).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(19).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(2).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(20).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(21).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(22).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(23).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(24).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(25).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(26).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(27).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(28).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(29).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(3).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(30).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(31).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(32).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(33).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(34).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(35).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(36).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(37).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(38).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(39).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(4).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(40).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(41).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(42).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(43).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(44).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(45).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(46).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(47).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(48).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(49).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(5).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(50).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(51).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(52).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(53).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(54).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(55).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(56).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(57).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(58).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(59).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(6).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(7).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(8).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592(9).divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\Inception_Trailer_592.divx
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\open.php(2).ddp
c:\documents and settings\Administrator\Application Data\Local\Temp\DDM\Settings\Temporary Downloaded Files\open.php.ddp
c:\documents and settings\Administrator\Application Data\Twain
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\bestwiner.stt
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\CPV.stt
c:\documents and settings\Administrator\Local Settings\Temporary Internet Files\fbk.sts
c:\documents and settings\Administrator\Recent\Thumbs.db
c:\windows\Downloaded Program Files\x64
c:\windows\Downloaded Program Files\x64\racodec.ax
c:\windows\Downloaded Program Files\x86
c:\windows\Downloaded Program Files\x86\racodec.ax
c:\windows\system32\w32apiw.dll
.
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
-------\Legacy_TDSSSERV.SYS
-------\Service_TDSSserv.sys
.
.
((((((((((((((((((((((((( Files Created from 2011-05-02 to 2011-06-02 )))))))))))))))))))))))))))))))
.
.
2011-06-01 23:17 . 2011-06-01 23:17 404640 ----a-w- c:\windows\system32\FlashPlayerCPLApp.cpl
2011-06-01 23:15 . 2011-06-01 23:15 -------- d-----w- C:\_OTListIt
2011-06-01 14:56 . 2008-04-14 00:12 26624 ----a-w- c:\documents and settings\LocalService\Application Data\Microsoft\UPnP Device Host\upnphost\udhisapi.dll
2011-05-15 19:49 . 2011-04-26 00:00 16432 ----a-w- c:\windows\system32\lsdelete.exe
2011-05-15 16:14 . 2011-05-15 16:14 98392 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2011-05-15 16:06 . 2011-05-15 16:06 -------- d-sh--w- c:\windows\system32\config\systemprofile\IETldCache
2011-05-15 15:56 . 2011-05-15 15:56 -------- d-----w- c:\documents and settings\Administrator\Local Settings\Application Data\Sunbelt Software
2011-05-15 15:52 . 2011-05-15 15:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{91EC863D-D912-4466-91CC-9489A4A2ADD3}
2011-05-15 15:50 . 2011-05-15 15:55 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2011-05-15 15:50 . 2011-05-15 15:50 -------- d-----w- c:\program files\Lavasoft
2011-05-15 15:03 . 2011-05-15 15:03 -------- d--h--w- c:\windows\system32\GroupPolicy
2011-05-08 14:31 . 2011-05-23 15:19 115369 ----a-w- c:\windows\system32\drivers\klin.dat
2011-05-08 14:31 . 2011-05-08 14:47 97859 ----a-w- c:\windows\system32\drivers\klick.dat
2011-05-08 14:28 . 2011-06-02 13:23 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2011-05-08 14:28 . 2011-05-08 14:28 -------- d-----w- c:\program files\Kaspersky Lab
2011-05-08 14:21 . 2011-05-08 14:21 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
.
.
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2011-05-15 21:17 . 2009-01-04 14:53 4454 ----a-w- c:\windows\system32\tmp.reg
2011-03-07 05:33 . 2004-08-04 11:00 692736 ----a-w- c:\windows\system32\inetcomm.dll
.
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
.
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="files\ares\ares.exe -h" [X]
"LightScribe Control Panel"="c:\program files\Common Files\LightScribe\LightScribeControlPanel.exe" [2007-07-18 451872]
"ISUSPM"="c:\program files\Common Files\InstallShield\UpdateService\ISUSPM.exe" [2007-08-30 205480]
.
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DivX Download Manager"="files\divx\divx plus web player\ddmservice.exe start" [X]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2004-08-20 118784]
"SunJavaUpdateSched"="c:\program files\Common Files\Java\Java Update\jusched.exe" [2010-05-14 248552]
"DVDLauncher"="c:\program files\CyberLink\PowerDVD\DVDLauncher.exe" [2004-04-26 53248]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2010-04-04 36272]
"Adobe ARM"="c:\program files\Common Files\Adobe\ARM\1.0\AdobeARM.exe" [2010-09-21 932288]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2010-03-19 421888]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2010-10-16 110696]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2010-10-16 13851752]
"nwiz"="c:\program files\NVIDIA Corporation\nView\nwiz.exe" [2010-08-26 1753192]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2007-03-01 153136]
"BlackBerryAutoUpdate"="c:\program files\Common Files\Research In Motion\Auto Update\RIMAutoUpdate.exe" [2008-11-04 615696]
"RoxWatchTray"="c:\program files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatchTray9.exe" [2008-09-19 236016]
"avp"="c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\avp.exe" [2010-11-03 365336]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-02-26 437160]
.
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"_Sym_MI_"="c:\temp\Clt-Inst\setup.exe" [2003-04-26 36340787]
.
c:\documents and settings\All Users\Start Menu\Programs\Startup\
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2010-12-26 106560]
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-591613016-1303577091-1238779560-7608\Scripts\Logon\0\0]
"Script"=LogonInIE_Halstead_BH.vbs
.
[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\group policy\state\S-1-5-21-591613016-1303577091-1238779560-7619\Scripts\Logon\0\0]
"Script"=LogonInIE_Halstead_BH.vbs
.
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"
.
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Documents and Settings\\Administrator\\Local Settings\\Application Data\\Google\\Chrome\\Application\\chrome.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
.
R1 kl2;kl2;c:\windows\SYSTEM32\DRIVERS\kl2.sys [6/9/2010 4:43 PM 11352]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\SYSTEM32\DRIVERS\klim5.sys [5/7/2010 11:06 AM 32856]
R3 klmouflt;Kaspersky Lab KLMOUFLT;c:\windows\SYSTEM32\DRIVERS\klmouflt.sys [11/2/2009 7:27 PM 19472]
S1 MpKsl4e1904d2;MpKsl4e1904d2;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FF1A60E-93C2-41A8-B49E-26EADC7F2D7E}\MpKsl4e1904d2.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{3FF1A60E-93C2-41A8-B49E-26EADC7F2D7E}\MpKsl4e1904d2.sys [?]
S1 MpKsl5ce666ad;MpKsl5ce666ad;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A5A8C23-70B5-4229-B5CD-23174C4622B6}\MpKsl5ce666ad.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{4A5A8C23-70B5-4229-B5CD-23174C4622B6}\MpKsl5ce666ad.sys [?]
S1 MpKsl603e5bb1;MpKsl603e5bb1;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EB51440-927E-41E8-9822-363EDD45E3F0}\MpKsl603e5bb1.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{8EB51440-927E-41E8-9822-363EDD45E3F0}\MpKsl603e5bb1.sys [?]
S1 MpKsl62c1306d;MpKsl62c1306d;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6C6FD8-41B4-44E5-A6C4-FD6B476D7E1C}\MpKsl62c1306d.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{AF6C6FD8-41B4-44E5-A6C4-FD6B476D7E1C}\MpKsl62c1306d.sys [?]
S1 MpKslb94c7e9a;MpKslb94c7e9a;\??\c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B943003-9C08-442A-AF39-32DAAA4D5620}\MpKslb94c7e9a.sys --> c:\documents and settings\All Users\Application Data\Microsoft\Microsoft Antimalware\Definition Updates\{9B943003-9C08-442A-AF39-32DAAA4D5620}\MpKslb94c7e9a.sys [?]
S3 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [4/25/2011 8:00 PM 2151128]
S3 Lavasoft Kernexplorer;Lavasoft helper driver;c:\program files\Lavasoft\Ad-Aware\kernexplorer.sys [4/25/2011 8:00 PM 15232]
.
[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
2007-07-18 22:53 451872 ----a-w- c:\program files\Common Files\LightScribe\LSRunOnce.exe
.
Contents of the 'Scheduled Tasks' folder
.
2011-06-01 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2011-04-26 09:11]
.
2011-05-26 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2009-10-22 15:50]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732041480-3533148201-401458423-500Core.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-29 23:14]
.
2011-06-02 c:\windows\Tasks\GoogleUpdateTaskUserS-1-5-21-3732041480-3533148201-401458423-500UA.job
- c:\documents and settings\Administrator\Local Settings\Application Data\Google\Update\GoogleUpdate.exe [2010-05-29 23:14]
.
.
------- Supplementary Scan -------
.
uInternet Connection Wizard,ShellNext = hxxp://www.dell.com/
uInternet Settings,ProxyOverride = *.local
IE: Add to Anti-Banner - c:\program files\Kaspersky Lab\Kaspersky Internet Security 2011\ie_banner_deny.htm
TCP: DhcpNameServer = 172.16.0.193 172.16.0.194 172.16.0.191 172.16.0.192
.
- - - - ORPHANS REMOVED - - - -
.
Toolbar-Locked - (no file)
HKCU-Run-BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA} - files\common files\ahead\lib\nmbgmonitor.exe
HKLM-Run-IgfxTray - (no file)
HKLM-Run-iTunesHelper - files\itunes\ituneshelper.exe
HKLM-Run-DivXUpdate - files\divx\divx update\divxupdate.exe
HKLM-Run-ContentTransferWMDetector.exe - files\sony\content transfer\contenttransferwmdetector.exe
.
.
.
**************************************************************************
.
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2011-06-02 10:31
Windows 5.1.2600 Service Pack 3 NTFS
.
scanning hidden processes ...
.
scanning hidden autostart entries ...
.
scanning hidden files ...
.
scan completed successfully
hidden files: 0
.
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
.
[HKEY_USERS\S-1-5-21-3732041480-3533148201-401458423-500\Software\Microsoft\Internet Explorer\User Preferences]
@Denied: (2) (Administrator)
"88D7D0879DAB32E14DE5B3A805A34F98AFF34F5977"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,51,49,08,48,54,a5,26,41,9b,7d,af,\
"2D53CFFC5C1A3DD2E97B7979AC2A92BD59BC839E81"=hex:01,00,00,00,d0,8c,9d,df,01,15,
d1,11,8c,7a,00,c0,4f,c2,97,eb,01,00,00,00,01,3b,4c,ff,16,85,ab,4b,9c,4b,be,\
.
--------------------- DLLs Loaded Under Running Processes ---------------------
.
- - - - - - - > 'explorer.exe'(2236)
c:\windows\system32\WININET.dll
c:\program files\NVIDIA Corporation\nView\nview.dll
c:\windows\WinSxS\x86_Microsoft.VC80.CRT_1fc8b3b9a1e18e3b_8.0.50727.4053_x-ww_e6967989\MSVCR80.dll
c:\program files\Common Files\Ahead\Lib\NeroSearchBar.dll
c:\program files\Common Files\Ahead\Lib\MFC71U.DLL
c:\program files\Common Files\Ahead\Lib\BCGCBPRO860un71.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\nvsvc32.exe
c:\program files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
c:\windows\system32\basfipm.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Dell\OpenManage\Client\Iap.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\Common Files\LightScribe\LSSrvc.exe
c:\windows\system32\HPZipm12.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\RUNDLL32.EXE
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2011-06-02 10:37:32 - machine was rebooted
ComboFix-quarantined-files.txt 2011-06-02 14:37
.
Pre-Run: 20,709,138,432 bytes free
Post-Run: 20,501,815,296 bytes free
.
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
UnsupportedDebug="do not select this" /debug
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
.
Current=2 Default=2 Failed=3 LastKnownGood=1 Sets=1,2,3,4
- - End Of File - - 20A42636450038BACFD1460D46341576

BC AdBot (Login to Remove)

 


#2 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:14 PM

Posted 09 June 2011 - 08:52 PM

Hello celabella and welcome to Bleeping Computer! :welcome:

We apologize for the delay in responding to your request for help. Here at Bleeping Computer we get overwhelmed at times, and we are trying our best to keep up. Please note that your topic was not intentionally overlooked. Our mission is to help everyone in need, but sometimes it takes just a little longer to get to every request for help. No one is ignored here. :thumbup2:

Please print or save this topic: it will make it easier for you to follow the instructions and complete all of the necessary steps.

-------------

Please download to your Desktop:
  • TDSSKiller.zip from here and extract it (right click on it => "Extract here").

>>> TDSSKiller: Double-click on TDSSKiller.exe to run the application.
  • Click on the Start Scan button and wait for the scan and disinfection process to be over.
  • If an infected file is detected, the default action will be Cure, click on Continue Posted Image
  • If a suspicious file is detected, the default action will be Skip, click on Continue Posted Image
  • If you are asked to reboot the computer to complete the process, click on the Reboot Now button. A report will be automatically saved at the root of the System drive ((usually C:\) in the form of "TDSSKiller.[Version]_[Date]_[Time]_log.txt" (for example, C:\TDSSKiller.2.2.0_20.12.2009_15.31.43_log.txt). Please copy and paste the contents of that file here.
  • If no reboot is required, click on Report. A log file will appear. Please copy and paste the contents of that file in your next reply.

In your next reply, please include the following (you may need to use two posts to get it all in):
  • TDSSKiller_log.txt
how the PC is running now?


-------------

Please download Security Check by screen317 from here or here.
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.

-------------

In your next reply, please include:
  • TDSSKiller logfile
  • Security Check checkup.txt

How is your computer running now?
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#3 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:14 PM

Posted 18 June 2011 - 09:39 PM

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. :wink:
If not, please let me know so I can close this topic.

-DFB
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#4 celabella

celabella
  • Topic Starter

  • Members
  • 5 posts
  • OFFLINE
  •  
  • Local time:08:14 PM

Posted 20 June 2011 - 11:41 AM

thank you for your response I will do that tonight and i will let you know . thank you

#5 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:14 PM

Posted 29 June 2011 - 10:06 PM

(bump)

Are you still with me? If your problems still persist, let me know and we'll go about fixing them. :wink:
If not, please let me know so I can close this topic.

-DFB
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!

#6 D-FRED-BROWN

D-FRED-BROWN

    Resident Bracketologist


  • Malware Response Team
  • 834 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Kansas, USA
  • Local time:08:14 PM

Posted 05 July 2011 - 12:01 PM

Due to the lack of feedback, this topic is now closed.In the event you still have problems, please send me or any Moderator a Private Message and ask them to reopen this topic within the next 5 days. Please include a link to your topic in the Private Message. Thank you.
Proud graduate of SpywareInfo Bootcamp
Follow me on Twitter! @dfredbrown
Posted Image
Unified Network of Instructors and Trained Eliminators

I volunteer my free time to help you. Please consider making a donation so I can continue helping people like you.
Posted Image
Thank you!




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users