Everything posted by jcarr

  1. how to get rid of this malware permanently? this computer is ungodly slow! Attach.txt DDS.txt
  2. think there is still a problem but with iexplore... ie8 locks up a lot lately and i have 2 iexplore running
  3. nope think i'm good now thx a lot
  4. ok so there are no dangerous items left? i'll just have it ignore it then
  5. when i started mbam it said dda error mbam_log_2010_07_06__00_55_49_.txt
  6. ok now today the fix worked i did it now i'm going to restart my cpu and see if mbam finds it again
  7. still not gettin it this is the text i have in Windows Registry Editor Version 5.00 [HKEY_CLASSES_ROOT\.scr] @="scrfile" [HKEY_CLASSES_ROOT\.scr\OpenWithList] [HKEY_CLASSES_ROOT\.scr\OpenWithList\devenv.exe] @="" [HKEY_CLASSES_ROOT\scrfile] @="Screen Saver" [HKEY_CLASSES_ROOT\scrfile\shell] [HKEY_CLASSES_ROOT\scrfile\shell\config] @="C&onfigure" [HKEY_CLASSES_ROOT\scrfile\shell\config\command] @="\"%1\"" [HKEY_CLASSES_ROOT\scrfile\shell\install] @="&Install" [HKEY_CLASSES_ROOT\scrfile\shell\install\command] @="rundll32.exe desk.cpl,InstallScreenSaver %l" [HKEY_CLASSES_ROOT\scrfile\shell\open] @="T&est" [HKEY_CLASSES_ROOT\scrfile\shell\open\command] @="\"%1\" /S" [HKEY_CLASSES_ROOT\scrfile\shellex] [HKEY_CLASSES_ROOT\scrfile\shellex\DropHandler] @="{86C86720-42A0-1069-A2E8-08002B30309D}" [HKEY_CLASSES_ROOT\.txt] @="txtfile" "PerceivedType"="text" "Content Type"="text/plain" [HKEY_CLASSES_ROOT\.txt\PersistentHandler] @="{5e941d80-bf96-11cd-b579-08002b30bfeb}" [HKEY_CLASSES_ROOT\.txt\ShellNew] "NullFile"="" [HKEY_CLASSES_ROOT\txtfile] @="Text Document" "FriendlyTypeName"=hex(2):40,00,25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,\ 00,6f,00,6f,00,74,00,25,00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,\ 32,00,5c,00,6e,00,6f,00,74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,\ 00,2c,00,2d,00,34,00,36,00,39,00,00,00 "EditFlags"=dword:00010000 "BrowserFlags"=dword:00000008 [HKEY_CLASSES_ROOT\txtfile\DefaultIcon] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,73,00,68,00,\ 65,00,6c,00,6c,00,33,00,32,00,2e,00,64,00,6c,00,6c,00,2c,00,2d,00,31,00,35,\ 00,32,00,00,00 [HKEY_CLASSES_ROOT\txtfile\shell] @="open" [HKEY_CLASSES_ROOT\txtfile\shell\open] [HKEY_CLASSES_ROOT\txtfile\shell\open\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 
54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,25,00,31,00,00,\ 00 [HKEY_CLASSES_ROOT\txtfile\shell\print] [HKEY_CLASSES_ROOT\txtfile\shell\print\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,4e,00,4f,00,\ 54,00,45,00,50,00,41,00,44,00,2e,00,45,00,58,00,45,00,20,00,2f,00,70,00,20,\ 00,25,00,31,00,00,00 [HKEY_CLASSES_ROOT\txtfile\shell\printto] [HKEY_CLASSES_ROOT\txtfile\shell\printto\command] @=hex(2):25,00,53,00,79,00,73,00,74,00,65,00,6d,00,52,00,6f,00,6f,00,74,00,25,\ 00,5c,00,73,00,79,00,73,00,74,00,65,00,6d,00,33,00,32,00,5c,00,6e,00,6f,00,\ 74,00,65,00,70,00,61,00,64,00,2e,00,65,00,78,00,65,00,20,00,2f,00,70,00,74,\ 00,20,00,22,00,25,00,31,00,22,00,20,00,22,00,25,00,32,00,22,00,20,00,22,00,\ 25,00,33,00,22,00,20,00,22,00,25,00,34,00,22,00,00,00 where does REDEDIT4 come in?
  8. k i backed it up and copied the quote into the notepad but when i open it, it doesn't give me a prompt
  9. i do notice quite a few lag spikes and ie8 doesn't respond a lot
  10. i don't think there's a real noticeable difference?? when i first got it it ate up my cpu then i got rid of the big problem but it still says that there's a registry error. system mechanic says there are 2 dll errors but it never repairs it? i don't think i'm in any danger but it would be nice to get rid of the remnants of the virus
  11. just did mbam found the 2 registry errors again mbam_log_2010_06_26__16_31_40_.txt
  12. k i restarted and it booted up a lot faster than before and i updated java and firefox
  13. Scanning Report
      Saturday, June 26, 2010 23:47:12 - 01:08:37
      Computer name: OWNER-3920829
      Scanning type: Scan system for malware, spyware and rootkits
      Target: C:\
      --------------------------------------------------------------------------------
      No malware found
      --------------------------------------------------------------------------------
      Statistics
      Scanned:
      Files: 53089
      System: 3367
      Not scanned: 11
      Actions:
      Disinfected: 0
      Renamed: 0
      Deleted: 0
      Not cleaned: 0
      Submitted: 0
      Files not scanned:
      C:\PAGEFILE.SYS
      C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
      C:\WINDOWS\SYSTEM32\CONFIG\SAM
      C:\WINDOWS\SYSTEM32\CONFIG\SECURITY
      C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE
      C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM
      C:\WINDOWS\SYSTEM32\CATROOT2\{127D0A1D-4EF2-11D1-8608-00C04FC295EE}\CATDB
      C:\WINDOWS\SYSTEM32\CATROOT2\{F750E6C3-38EE-11D1-85E5-00C04FC295EE}\CATDB
      C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\2676
      C:\DOCUMENTS AND SETTINGS\OWNER\LOCAL SETTINGS\TEMP\HSPERFDATA_OWNER\2932
      C:\DOCUMENTS AND SETTINGS\OWNER\APPLICATION DATA\CHECKPOINT\ZONEALARM FORCEFIELD\SITES
      --------------------------------------------------------------------------------
      Options
      Scanning engines:
      Scanning options:
      Scan defined files: COM EXE SYS OV? BIN SCR DLL SHS HTM HTML HTT VBS JS INF VXD DO? XL? RTF CPL WIZ HTA PP? PWZ P?T MSO PIF . ACM ASP AX CNV CSC DRV INI MDB MPD MPP MPT OBD OBT OCX PCI TLB TSP WBK WBT WPC WSH VWP WML BOO HLP TD0 TT6 MSG ASD JSE VBE WSC CHM EML PRC SHB LNK WSF {* PDF ZL? XML XXX ANI AVB BAT CMD JOB LSP MAP MHT MIF PHP POT SWF WMF NWS TAR
      Use advanced heuristics
      --------------------------------------------------------------------------------
      Copyright
  14. ComboFix 10-06-25.02 - Owner 06/25/2010 23:09:03.2.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1096 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe Command switches used :: c:\documents and settings\Owner\Desktop\CFScript.txt AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\windows\Oyobazukohomal.bin c:\windows\Rzoracupodovuj.dat . ((((((((((((((((((((((((( Files Created from 2010-05-26 to 2010-06-26 ))))))))))))))))))))))))))))))) . 2010-06-15 01:47 . 2010-06-15 01:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-06-15 01:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-15 01:45 . 2010-06-15 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-15 01:45 . 2010-06-15 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-15 01:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-14 21:41 . 2010-06-14 21:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert 2010-06-14 21:28 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll 2010-06-14 21:28 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll 2010-06-14 21:28 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-06-14 21:28 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-06-14 21:28 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip 2010-06-14 21:28 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip 2010-06-14 21:25 . 
2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-06-14 21:24 . 2010-06-14 22:11 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-06-14 21:24 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-06-14 21:24 . 2010-06-14 22:11 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-06-14 21:24 . 2010-06-14 21:29 -------- d-----w- c:\program files\Common Files\PC Tools 2010-06-14 21:24 . 2010-06-24 06:44 -------- d-----w- c:\program files\Spyware Doctor 2010-06-14 21:24 . 2010-06-14 21:24 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools 2010-06-14 21:24 . 2010-06-14 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-06-10 02:29 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-02 19:33 . 2010-06-02 19:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Audacity 2010-06-02 19:07 . 2009-09-27 14:39 369152 ----a-w- c:\windows\system32\avisynth.dll 2010-06-02 19:07 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll 2010-06-02 19:07 . 2010-06-02 19:07 -------- d-----w- c:\program files\AviSynth 2.5 2010-06-02 19:07 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2010-06-02 19:07 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll 2010-06-02 19:06 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll 2010-06-02 19:06 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2010-06-02 19:06 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2010-06-02 19:06 . 2010-06-02 19:06 -------- d-----w- c:\program files\eRightSoft 2010-06-02 06:25 . 2010-06-02 06:25 -------- d--h--w- c:\windows\PIF 2010-06-02 01:43 . 2010-06-02 01:49 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-06-02 01:43 . 2010-06-02 05:46 -------- d-----w- c:\program files\Samsung 2010-05-27 19:02 . 
2010-05-27 20:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\uuqlglqch . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-26 04:04 . 2009-01-09 01:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-26 03:54 . 2010-03-08 03:25 144 ----a-w- c:\windows\system32\pdfl.dat 2010-06-24 13:27 . 2009-01-09 01:35 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-06-22 22:19 . 2009-01-11 02:19 1531 ----a-w- c:\documents and settings\Owner\Application Data\iolo\restore.bat 2010-06-22 21:29 . 2010-06-22 21:29 2592549 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2010-06-21 21:14 . 2010-04-08 20:57 -------- d-----w- c:\program files\World of Warcraft 2010-06-19 18:45 . 2009-01-10 21:06 -------- d-----w- c:\documents and settings\Owner\Application Data\iolo 2010-06-15 18:49 . 2010-06-15 18:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-06-14 05:39 . 2010-06-14 05:39 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat 2010-06-10 06:50 . 2009-01-08 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-05 18:56 . 2008-11-26 15:18 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-05 07:51 . 2009-03-29 03:49 -------- d-----w- c:\program files\Lexmark X1100 Series 2010-06-02 20:28 . 2009-02-05 02:59 -------- d-----w- c:\program files\OpenOffice.org 3 2010-06-02 19:01 . 2009-06-30 04:50 -------- d-----w- c:\documents and settings\Owner\Application Data\AVS4YOU 2010-06-02 19:01 . 2009-06-30 04:47 -------- d-----w- c:\program files\AVS4YOU 2010-06-02 06:36 . 2008-11-26 16:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-02 05:47 . 2010-06-02 01:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Samsung 2010-06-02 05:39 . 
2010-06-02 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung 2010-05-28 19:22 . 2009-01-08 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire 2010-05-21 03:44 . 2010-05-21 03:42 -------- d-----w- c:\program files\iTunes 2010-05-21 03:43 . 2010-05-21 03:43 -------- d-----w- c:\program files\iPod 2010-05-21 03:43 . 2009-01-09 23:53 -------- d-----w- c:\program files\Common Files\Apple 2010-05-21 03:37 . 2010-05-21 03:37 -------- d-----w- c:\program files\Bonjour 2010-05-21 03:34 . 2010-05-21 03:34 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe 2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-06 02:29 . 2009-02-05 03:04 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-05-02 05:22 . 2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 21:11 . 2009-01-10 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2010-04-26 21:31 . 2009-03-11 00:06 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-22 21:05 . 2010-04-22 21:05 98304 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll 2010-04-21 19:46 . 2009-08-06 18:15 93096 ----a-w- c:\windows\system32\IncContxMenu.dll 2010-04-21 19:46 . 2009-01-09 03:02 2316712 ----a-w- c:\windows\system32\Incinerator.dll 2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-18 02:01 . 2010-04-18 02:01 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe 2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-03-31 05:16 . 
2010-03-31 05:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-03-31 05:10 . 2010-03-31 05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2006-05-03 09:06 . 2010-06-02 19:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2010-06-02 19:06 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2010-06-02 19:06 216064 --sh--r- c:\windows\system32\nbDX.dll . (((((((((((((((((((((((((((((((((((((((((((( Look ))))))))))))))))))))))))))))))))))))))))))))))))))))))))) . ---- Directory of c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat ---- ((((((((((((((((((((((((((((( SnapShot@2010-06-24_07.18.51 ))))))))))))))))))))))))))))))))))))))))) . - 2010-04-28 21:25 . 2010-06-24 07:09 17920 c:\windows\system32\ZoneLabs\zlqrtdb.dat + 2010-04-28 21:25 . 2010-06-26 04:09 17920 c:\windows\system32\ZoneLabs\zlqrtdb.dat + 2010-06-25 01:21 . 2010-06-25 01:21 35973 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0004.dat + 2010-06-25 01:21 . 2010-06-25 01:21 89930 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0003.dat + 2010-06-25 01:21 . 2010-06-25 01:21 84490 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0002.dat + 2010-06-25 01:21 . 2010-06-25 01:21 65275 c:\windows\system32\ZoneLabs\avsys\temp\update\rollback\bases\apu\apu0001.dat + 2010-05-27 17:58 . 2010-06-24 22:24 42078 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0011.dat + 2010-03-08 03:45 . 2010-06-24 07:24 90114 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0009.dat + 2010-03-08 03:45 . 2010-06-24 22:24 90055 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0005.dat - 2010-03-08 03:45 . 2010-06-24 04:00 90055 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0005.dat + 2010-03-08 03:45 . 
2010-06-24 22:24 57297 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0003.dat + 2010-03-08 03:44 . 2010-06-24 22:24 54724 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0002.dat + 2010-03-08 03:44 . 2010-06-24 22:24 54857 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\wmuf\wmuf0001.dat + 2010-03-23 21:37 . 2010-06-24 13:17 48432 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\blst\bl0018.dat + 2010-05-06 20:25 . 2010-06-25 01:21 36001 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0004.dat + 2010-03-08 03:44 . 2010-06-25 01:21 89926 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0003.dat + 2010-03-08 03:44 . 2010-06-25 01:21 84488 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0002.dat + 2010-03-08 03:44 . 2010-06-25 01:21 65281 c:\windows\system32\ZoneLabs\avsys\temp\temporaryFolder\bases\apu\apu0001.dat + 2010-05-27 17:58 . 2010-06-24 22:24 42078 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0011.dat + 2010-03-08 03:46 . 2010-06-24 07:24 90114 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0009.dat + 2010-03-08 03:25 . 2010-06-24 22:24 90055 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0005.dat - 2010-03-08 03:25 . 2010-06-24 04:00 90055 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0005.dat + 2010-03-08 03:25 . 2010-06-24 22:24 57297 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0003.dat + 2010-03-08 03:25 . 2010-06-24 22:24 54724 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0002.dat + 2010-03-08 03:25 . 2010-06-24 22:24 54857 c:\windows\system32\ZoneLabs\avsys\bases\wmuf0001.dat + 2010-03-23 21:37 . 2010-06-24 13:17 48432 c:\windows\system32\ZoneLabs\avsys\bases\bl0018.dat + 2010-05-06 20:25 . 2010-06-25 01:21 36001 c:\windows\system32\ZoneLabs\avsys\bases\apu0004.dat + 2010-03-08 03:24 . 2010-06-25 01:21 89926 c:\windows\system32\ZoneLabs\avsys\bases\apu0003.dat + 2010-03-08 03:24 . 
2010-06-25 01:21 84488 c:\windows\system32\ZoneLabs\avsys\bases\apu0002.dat + 2010-03-08 03:24 . 2010-06-25 01:21 65281 c:\windows\system32\ZoneLabs\avsys\bases\apu0001.dat - 2010-06-24 07:06 . 2010-06-24 07:06 196608 c:\windows\Temp\sfdb.dat + 2010-06-26 03:55 . 2010-06-26 03:55 196608 c:\windows\Temp\sfdb.dat + 2010-06-26 03:55 . 2010-06-26 03:55 262144 c:\windows\Temp\iswift.dat - 2010-06-24 07:06 . 2010-06-24 07:06 262144 c:\windows\Temp\iswift.dat . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . *Note* empty entries & legit default entries are not shown REGEDIT4 [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600] [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544] "IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648] "HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688] "GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072] "Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344] "IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736] "ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192] "NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480] "nwiz"="nwiz.exe" [2008-05-16 1630208] "iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120] [HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360] [HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager] BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Owner\Application Data\iolo 
[HKEY_LOCAL_MACHINE\software\microsoft\security center] "AntiVirusOverride"=dword:00000001 [HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall] "DisableMonitoring"=dword:00000001 [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile] "EnableFirewall"= 0 (0x0) [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List] "%windir%\\system32\\sessmgr.exe"= R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 4:24 PM 218592] R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/14/2010 4:28 PM 112592] R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/10/2009 4:09 PM 704432] R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/10/2009 4:09 PM 704432] R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 25208] R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 476528] R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 4:24 PM 366840] R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/8/2009 9:57 PM 598856] S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [10/14/2009 8:29 AM 35448] [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost] getPlusHelper REG_MULTI_SZ getPlusHelper . Contents of the 'Scheduled Tasks' folder 2010-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job - c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34] . . ------- Supplementary Scan ------- . 
uStart Page = hxxp://www.facebook.com/ uInternet Settings,ProxyOverride = <local> uInternet Settings,ProxyServer = http=127.0.0.1:5555 DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271556074359 FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5swmy8tr.default\ FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/ FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\ . ************************************************************************** disk not found C:\ please note that you need administrator rights to perform deep scan scanning hidden processes ... scanning hidden autostart entries ... scanning hidden files ... scan completed successfully hidden files: ************************************************************************** . 
      --------------------- LOCKED REGISTRY KEYS ---------------------
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
      @DACL=(02 0011)
      @Denied: (A 2) (Everyone)
      @="FlashBroker"
      "LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
      @DACL=(02 0011)
      "Enabled"=dword:00000001
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
      @DACL=(02 0011)
      @="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
      [HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
      @DACL=(02 0011)
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
      @DACL=(02 0011)
      @Denied: (A 2) (Everyone)
      @="IFlashBroker4"
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
      @DACL=(02 0011)
      @="{00020424-0000-0000-C000-000000000046}"
      [HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
      @DACL=(02 0011)
      @="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
      "Version"="1.0"
      .
      Completion time: 2010-06-25 23:21:24
      ComboFix-quarantined-files.txt 2010-06-26 04:21
      ComboFix2.txt 2010-06-24 07:22
      Pre-Run: 1,384,632,320 bytes free
      Post-Run: 1,379,033,088 bytes free
      - - End Of File - - 2049D54B5393782A32F0A13F1A29C804

      mbam didn't find anything .... i never got that message i did drag the file on the exe so idk
  15. i did a rootkit scan after with zone alarm and it found more. but i don't think it will stay deleted
  16. ComboFix 10-06-23.03 - Owner 06/24/2010 2:09.1.1 - x86 Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.1077 [GMT -5:00] Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6} FW: ZoneAlarm Extreme Security Firewall *disabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B} * Resident AV is active . ((((((((((((((((((((((((((((((((((((((( Other Deletions ))))))))))))))))))))))))))))))))))))))))))))))))) . c:\documents and settings\Owner\Local Settings\Application Data\{F822BCF4-E8CB-41DA-83D0-75C441822A62} c:\documents and settings\Owner\Local Settings\Application Data\{F822BCF4-E8CB-41DA-83D0-75C441822A62}\chrome.manifest c:\documents and settings\Owner\Local Settings\Application Data\{F822BCF4-E8CB-41DA-83D0-75C441822A62}\chrome\content\_cfg.js c:\documents and settings\Owner\Local Settings\Application Data\{F822BCF4-E8CB-41DA-83D0-75C441822A62}\chrome\content\overlay.xul c:\documents and settings\Owner\Local Settings\Application Data\{F822BCF4-E8CB-41DA-83D0-75C441822A62}\install.rdf c:\program files\Search Settings c:\program files\Search Settings\kb127\SearchSettings.dll c:\program files\Search Settings\kb127\SearchSettingsRes409.dll c:\program files\Search Settings\SearchSettings.exe c:\windows\aquwuhuropifatu.dll c:\windows\system32\AVSredirect.dll c:\windows\system32\drivers\etc\lmhosts . ((((((((((((((((((((((((( Files Created from 2010-05-24 to 2010-06-24 ))))))))))))))))))))))))))))))) . 2010-06-15 01:47 . 2010-06-15 01:47 -------- d-----w- c:\documents and settings\Owner\Application Data\Malwarebytes 2010-06-15 01:45 . 2010-04-29 20:39 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-15 01:45 . 2010-06-15 01:47 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-15 01:45 . 
2010-06-15 01:45 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes 2010-06-15 01:45 . 2010-04-29 20:39 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-14 21:41 . 2010-06-14 21:41 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\Threat Expert 2010-06-14 21:28 . 2010-06-08 02:16 763832 ----a-w- c:\windows\BDTSupport.dll 2010-06-14 21:28 . 2010-06-08 00:21 1652664 ----a-w- c:\windows\PCTBDCore.dll 2010-06-14 21:28 . 2010-01-22 14:56 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-06-14 21:28 . 2010-01-22 14:56 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-06-14 21:28 . 2009-10-28 06:36 1152444 ----a-w- c:\windows\UDB.zip 2010-06-14 21:28 . 2008-11-26 17:08 131 ----a-w- c:\windows\IDB.zip 2010-06-14 21:25 . 2010-02-05 14:17 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-06-14 21:24 . 2010-06-14 22:11 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-06-14 21:24 . 2009-11-23 18:54 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-06-14 21:24 . 2010-06-14 22:11 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-06-14 21:24 . 2010-06-14 21:29 -------- d-----w- c:\program files\Common Files\PC Tools 2010-06-14 21:24 . 2010-06-24 06:44 -------- d-----w- c:\program files\Spyware Doctor 2010-06-14 21:24 . 2010-06-14 21:24 -------- d-----w- c:\documents and settings\Owner\Application Data\PC Tools 2010-06-14 21:24 . 2010-06-14 21:24 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools 2010-06-14 05:41 . 2010-06-24 05:49 120 ----a-w- c:\windows\Rzoracupodovuj.dat 2010-06-14 05:41 . 2010-06-24 05:49 0 ----a-w- c:\windows\Oyobazukohomal.bin 2010-06-10 02:29 . 2010-05-06 10:41 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-02 19:33 . 2010-06-02 19:42 -------- d-----w- c:\documents and settings\Owner\Application Data\Audacity 2010-06-02 19:07 . 
2009-09-27 14:39 369152 ----a-w- c:\windows\system32\avisynth.dll 2010-06-02 19:07 . 2004-02-22 15:11 719872 ----a-w- c:\windows\system32\devil.dll 2010-06-02 19:07 . 2010-06-02 19:07 -------- d-----w- c:\program files\AviSynth 2.5 2010-06-02 19:07 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2010-06-02 19:07 . 2004-01-25 05:00 70656 ----a-w- c:\windows\system32\i420vfw.dll 2010-06-02 19:06 . 2008-03-16 12:30 216064 --sh--r- c:\windows\system32\nbDX.dll 2010-06-02 19:06 . 2007-02-21 10:47 31232 --sh--r- c:\windows\system32\msfDX.dll 2010-06-02 19:06 . 2006-05-03 09:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2010-06-02 19:06 . 2010-06-02 19:06 -------- d-----w- c:\program files\eRightSoft 2010-06-02 06:25 . 2010-06-02 06:25 -------- d--h--w- c:\windows\PIF 2010-06-02 01:43 . 2010-06-02 01:49 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-06-02 01:43 . 2010-06-02 05:46 -------- d-----w- c:\program files\Samsung 2010-05-27 19:02 . 2010-05-27 20:43 -------- d-----w- c:\documents and settings\Owner\Local Settings\Application Data\uuqlglqch . (((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))) . 2010-06-24 07:05 . 2009-01-09 01:27 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP 2010-06-24 06:57 . 2010-03-08 03:25 144 ----a-w- c:\windows\system32\pdfl.dat 2010-06-23 16:12 . 2009-01-09 01:35 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-06-22 22:19 . 2009-01-11 02:19 1531 ----a-w- c:\documents and settings\Owner\Application Data\iolo\restore.bat 2010-06-22 21:29 . 2010-06-22 21:29 2592549 ----a-w- c:\windows\Internet Logs\tvDebug.Zip 2010-06-21 21:14 . 2010-04-08 20:57 -------- d-----w- c:\program files\World of Warcraft 2010-06-19 18:45 . 2009-01-10 21:06 -------- d-----w- c:\documents and settings\Owner\Application Data\iolo 2010-06-15 18:49 . 
2010-06-15 18:49 -------- d-----w- c:\documents and settings\Administrator\Application Data\Malwarebytes 2010-06-14 05:39 . 2010-06-14 05:39 20 ----a-w- c:\windows\system32\config\systemprofile\Application Data\qcopjv.dat 2010-06-10 06:50 . 2009-01-08 00:41 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help 2010-06-05 18:56 . 2008-11-26 15:18 -------- d-----w- c:\program files\Microsoft Silverlight 2010-06-05 07:51 . 2009-03-29 03:49 -------- d-----w- c:\program files\Lexmark X1100 Series 2010-06-02 20:28 . 2009-02-05 02:59 -------- d-----w- c:\program files\OpenOffice.org 3 2010-06-02 19:01 . 2009-06-30 04:50 -------- d-----w- c:\documents and settings\Owner\Application Data\AVS4YOU 2010-06-02 19:01 . 2009-06-30 04:47 -------- d-----w- c:\program files\AVS4YOU 2010-06-02 06:36 . 2008-11-26 16:19 -------- d--h--w- c:\program files\InstallShield Installation Information 2010-06-02 05:47 . 2010-06-02 01:51 -------- d-----w- c:\documents and settings\Owner\Application Data\Samsung 2010-06-02 05:39 . 2010-06-02 05:39 -------- d-----w- c:\documents and settings\All Users\Application Data\Samsung 2010-05-28 19:22 . 2009-01-08 03:18 -------- d-----w- c:\documents and settings\Owner\Application Data\LimeWire 2010-05-21 03:44 . 2010-05-21 03:42 -------- d-----w- c:\program files\iTunes 2010-05-21 03:43 . 2010-05-21 03:43 -------- d-----w- c:\program files\iPod 2010-05-21 03:43 . 2009-01-09 23:53 -------- d-----w- c:\program files\Common Files\Apple 2010-05-21 03:37 . 2010-05-21 03:37 -------- d-----w- c:\program files\Bonjour 2010-05-21 03:34 . 2010-05-21 03:34 73000 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.1.1.12\SetupAdmin.exe 2010-05-06 10:41 . 2004-08-04 12:00 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-06 02:29 . 2009-02-05 03:04 1 ----a-w- c:\documents and settings\Owner\Application Data\OpenOffice.org\3\user\uno_packages\cache\stamp.sys 2010-05-02 05:22 . 
2004-08-04 12:00 1851264 ----a-w- c:\windows\system32\win32k.sys 2010-04-28 21:11 . 2009-01-10 21:06 -------- d-----w- c:\documents and settings\All Users\Application Data\iolo 2010-04-26 22:15 . 2010-04-26 22:15 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Drivers HeadQuarters Inc 2010-04-26 22:12 . 2010-04-26 22:12 -------- d-----w- c:\documents and settings\Owner\Application Data\GetRightToGo 2010-04-26 21:31 . 2009-03-11 00:06 664 ----a-w- c:\windows\system32\d3d9caps.dat 2010-04-22 21:05 . 2010-04-22 21:05 98304 ----a-w- c:\documents and settings\Owner\Application Data\LimeWire\browser\xulrunner\nssdbm3.dll 2010-04-21 19:46 . 2009-08-06 18:15 93096 ----a-w- c:\windows\system32\IncContxMenu.dll 2010-04-21 19:46 . 2009-01-09 03:02 2316712 ----a-w- c:\windows\system32\Incinerator.dll 2010-04-20 05:30 . 2004-08-04 12:00 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-18 02:01 . 2010-04-18 02:01 50354 ----a-w- c:\documents and settings\Owner\Application Data\Facebook\uninstall.exe 2010-04-08 18:20 . 2010-04-08 18:20 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 18:20 . 2010-04-08 18:20 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-03-31 05:16 . 2010-03-31 05:16 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-03-31 05:10 . 2010-03-31 05:10 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2006-05-03 09:06 . 2010-06-02 19:06 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47 . 2010-06-02 19:06 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30 . 2010-06-02 19:06 216064 --sh--r- c:\windows\system32\nbDX.dll . ((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) . . 
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Window Washer"="c:\program files\Webroot\Washer\wwDisp.exe" [2007-11-26 1206600]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="c:\program files\Analog Devices\SoundMAX\SMax4PNP.exe" [2004-07-27 1388544]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2003-03-11 155648]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2003-03-11 114688]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2008-10-25 31072]
"Lexmark X1100 Series"="c:\program files\Lexmark X1100 Series\lxbkbmgr.exe" [2003-08-19 57344]
"IntelliPoint"="c:\program files\Microsoft IntelliPoint\ipoint.exe" [2007-08-31 1037736]
"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2009-10-17 1037192]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2006-10-22 7700480]
"nwiz"="nwiz.exe" [2008-05-16 1630208]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2010-04-28 142120]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ autocheck autochk *\0autocheck smrgdf c:\documents and settings\Owner\Application Data\iolo"
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [6/14/2010 4:24 PM 218592]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\Spyware Doctor\BDT\BDTUpdateService.exe [6/14/2010 4:28 PM 112592]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/10/2009 4:09 PM 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\Common\Lib\ioloServiceManager.exe [1/10/2009 4:09 PM 704432]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\CheckPoint\ZAForceField\ISWKL.sys [10/14/2009 8:30 AM 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\CheckPoint\ZAForceField\ISWSVC.exe [10/14/2009 8:30 AM 476528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [6/14/2010 4:24 PM 366840]
R2 wwEngineSvc;Window Washer Engine;c:\program files\Webroot\Washer\WasherSvc.exe [1/8/2009 9:57 PM 598856]
S3 icsak;icsak;c:\program files\CheckPoint\ZAForceField\AK\icsak.sys [10/14/2009 8:29 AM 35448]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
getPlusHelper REG_MULTI_SZ getPlusHelper
.
Contents of the 'Scheduled Tasks' folder
2010-06-01 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271556074359
FF - ProfilePath - c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5swmy8tr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\MozillaExtensions.dll
FF - component: c:\program files\CheckPoint\ZAForceField\TrustChecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\Owner\Application Data\Mozilla\Firefox\Profiles\5swmy8tr.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\DivX\DivX Plus Web Player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\
.
.
------- File Associations -------
.
JSEFile=NOTEPAD.EXE %1
.
- - - - ORPHANS REMOVED - - - -
Toolbar-Locked - (no file)
HKLM-Run-Awevem - c:\windows\aquwuhuropifatu.dll
AddRemove-01_Simmental - c:\program files\SAMSUNG\USB Drivers\01_Simmental\Uninstall.exe
AddRemove-02_Siberian - c:\program files\SAMSUNG\USB Drivers\02_Siberian\Uninstall.exe
AddRemove-03_Swallowtail - c:\program files\SAMSUNG\USB Drivers\03_Swallowtail\Uninstall.exe
AddRemove-04_semseyite - c:\program files\SAMSUNG\USB Drivers\04_semseyite\Uninstall.exe
AddRemove-05_Sloan - c:\program files\SAMSUNG\USB Drivers\05_Sloan\Uninstall.exe
AddRemove-06_Spencer - c:\program files\SAMSUNG\USB Drivers\06_Spencer\Uninstall.exe
AddRemove-07_Schorl - c:\program files\SAMSUNG\USB Drivers\07_Schorl\Uninstall.exe
AddRemove-08_EMPChipset - c:\program files\SAMSUNG\USB Drivers\08_EMPChipset\Uninstall.exe
AddRemove-09_Hsp - c:\program files\SAMSUNG\USB Drivers\09_Hsp\Uninstall.exe
AddRemove-11_HSP_Plus_Default - c:\program files\SAMSUNG\USB Drivers\11_HSP_Plus_Default\Uninstall.exe
AddRemove-12_Symbian_USB_Download_Driver - c:\program files\SAMSUNG\USB Drivers\12_Symbian_USB_Download_Driver\Uninstall.exe
AddRemove-15_Symbian_Samsung_PC_DLC_Driver - c:\program files\SAMSUNG\USB Drivers\15_Symbian_Samsung_PC_DLC_Driver\Uninstall.exe
AddRemove-16_Shrewsbury - c:\program files\SAMSUNG\USB Drivers\16_Shrewsbury\Uninstall.exe
AddRemove-17_EMP_Chipset2 - c:\program files\SAMSUNG\USB Drivers\17_EMP_Chipset2\Uninstall.exe
AddRemove-18_Zinia_Serial_Driver - c:\program files\SAMSUNG\USB Drivers\18_Zinia_Serial_Driver\Uninstall.exe
AddRemove-19_VIA_driver - c:\program files\SAMSUNG\USB Drivers\19_VIA_driver\Uninstall.exe
AddRemove-20_NXP_Driver - c:\program files\SAMSUNG\USB Drivers\20_NXP_Driver\Uninstall.exe
**************************************************************************
disk not found C:\
please note that you need administrator rights to perform deep scan
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files:
**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe,-101"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\Elevation]
@DACL=(02 0011)
"Enabled"=dword:00000001
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\LocalServer32]
@DACL=(02 0011)
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10h_ActiveX.exe"
[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{A483C63A-CDBC-426E-BF93-872502E8144E}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}]
@DACL=(02 0011)
@Denied: (A 2) (Everyone)
@="IFlashBroker4"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\ProxyStubClsid32]
@DACL=(02 0011)
@="{00020424-0000-0000-C000-000000000046}"
[HKEY_LOCAL_MACHINE\software\Classes\Interface\{E3F2C3CB-5EB8-4A04-B22C-7E3B4B6AF30F}\TypeLib]
@DACL=(02 0011)
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
Completion time: 2010-06-24 02:22:00
ComboFix-quarantined-files.txt 2010-06-24 07:21
Pre-Run: 1,439,473,664 bytes free
Post-Run: 1,444,827,136 bytes free
WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect
- - End Of File - - 6FBED6D31F522B47F17BC454B4270035
DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 2:26:21.29 on Thu 06/24/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.896 [GMT -5:00]
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
svchost.exe
svchost.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Documents and Settings\Owner\Desktop\dds.com
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271556074359
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227713167968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227713210984
DPF: {819F8533-D935-4183-B692-587F8D56AC3C} - hxxp://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.cn/download/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5swmy8tr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-3-7 128016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-7 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-3-7 486280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-14 112592]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-10 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-10 704432]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-1-8 598856]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-10-14 35448]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
S3 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]
============== File Associations ===============
JSEFile=NOTEPAD.EXE %1
=============== Created Last 30 ================
2010-06-24 07:02:01 0 d-sha-r- C:\cmdcons
2010-06-24 06:59:22 98816 ----a-w- c:\windows\sed.exe
2010-06-24 06:59:22 77312 ----a-w- c:\windows\MBR.exe
2010-06-24 06:59:22 256512 ----a-w- c:\windows\PEV.exe
2010-06-24 06:59:22 161792 ----a-w- c:\windows\SWREG.exe
2010-06-15 01:47:30 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes
2010-06-15 01:45:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2010-06-15 01:45:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys
2010-06-15 01:45:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware
2010-06-15 01:45:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes
2010-06-14 21:28:33 763832 ----a-w- c:\windows\BDTSupport.dll
2010-06-14 21:28:32 882 ----a-w- c:\windows\RegSDImport.xml
2010-06-14 21:28:32 879 ----a-w- c:\windows\RegISSImport.xml
2010-06-14 21:28:31 165840 ----a-w- c:\windows\PCTBDRes.dll
2010-06-14 21:28:31 1652664 ----a-w- c:\windows\PCTBDCore.dll
2010-06-14 21:28:31 149456 ----a-w- c:\windows\SGDetectionTool.dll
2010-06-14 21:28:31 131 ----a-w- c:\windows\IDB.zip
2010-06-14 21:28:31 1152444 ----a-w- c:\windows\UDB.zip
2010-06-14 21:25:08 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat
2010-06-14 21:25:08 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2010-06-14 21:24:43 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2010-06-14 21:24:43 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat
2010-06-14 21:24:43 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat
2010-06-14 21:24:43 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2010-06-14 21:24:28 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat
2010-06-14 21:24:28 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2010-06-14 21:24:02 0 d-----w- c:\program files\common files\PC Tools
2010-06-14 21:24:01 0 d-----w- c:\program files\Spyware Doctor
2010-06-14 21:24:01 0 d-----w- c:\docume~1\owner\applic~1\PC Tools
2010-06-14 21:24:01 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools
2010-06-14 05:41:16 120 ----a-w- c:\windows\Rzoracupodovuj.dat
2010-06-14 05:41:16 0 ----a-w- c:\windows\Oyobazukohomal.bin
2010-06-10 02:29:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll
2010-06-02 19:07:25 719872 ----a-w- c:\windows\system32\devil.dll
2010-06-02 19:07:25 369152 ----a-w- c:\windows\system32\avisynth.dll
2010-06-02 19:07:23 70656 ----a-w- c:\windows\system32\yv12vfw.dll
2010-06-02 19:07:23 70656 ----a-w- c:\windows\system32\i420vfw.dll
2010-06-02 19:07:23 0 d-----w- c:\program files\AviSynth 2.5
2010-06-02 19:06:45 0 d-----w- c:\program files\eRightSoft
2010-06-02 06:25:44 0 d--h--w- c:\windows\PIF
2010-06-02 05:41:17 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys
2010-06-02 05:41:17 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys
2010-06-02 05:41:17 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys
2010-06-02 05:41:17 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys
2010-06-02 05:41:17 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys
2010-06-02 05:41:17 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys
2010-06-02 05:41:17 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys
2010-06-02 05:41:17 100352 ----a-w- c:\windows\system32\drivers\sscdserd.sys
2010-06-02 05:39:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Samsung
2010-06-02 01:51:29 0 d-----w- c:\docume~1\owner\applic~1\Samsung
2010-06-02 01:45:09 174592 ----a-w- c:\windows\system32\framedyn.dll
2010-06-02 01:45:00 348160 ----a-w- c:\windows\system32\msvcr71.dll
2010-06-02 01:44:33 0 d-----w- c:\windows\system32\Samsung_USB_Drivers
2010-06-02 01:44:11 766 ----a-w- c:\windows\system32\Uninstall.ico
2010-06-02 01:43:54 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys
2010-06-02 01:43:23 0 d-----w- c:\program files\Samsung
==================== Find3M ====================
2010-06-23 16:12:23 4212 ---ha-w- c:\windows\system32\zllictbl.dat
2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll
2010-05-02 05:22:50 1851264 ----a-w- c:\windows\system32\win32k.sys
2010-04-21 19:46:38 93096 ----a-w- c:\windows\system32\IncContxMenu.dll
2010-04-21 19:46:28 2316712 ----a-w- c:\windows\system32\Incinerator.dll
2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll
2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll
2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe
2010-03-31 05:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll
2010-03-31 05:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe
2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll
2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll
2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll
============= FINISH: 2:29:04.26 ===============
  17. DDS (Ver_10-03-17.01) - NTFSx86
Run by Owner at 2:37:55.48 on Wed 06/23/2010
Internet Explorer: 8.0.6001.18702 BrowserJavaVersion: 1.6.0_16
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.1535.831 [GMT -5:00]
AV: Spyware Doctor with AntiVirus *On-access scanning enabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
AV: ZoneAlarm Extreme Security Antivirus *On-access scanning enabled* (Updated) {5D467B10-818C-4CAB-9FF7-6893B5B8F3CF}
FW: ZoneAlarm Extreme Security Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}
============== Running Processes ===============
C:\WINDOWS\system32\svchost -k DcomLaunch
C:\WINDOWS\system32\svchost -k rpcss
C:\WINDOWS\System32\svchost.exe -k netsvcs
C:\WINDOWS\system32\svchost.exe -k WudfServiceGroup
C:\WINDOWS\system32\svchost.exe -k NetworkService
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\ZoneLabs\vsmon.exe
C:\Program Files\CheckPoint\ZAForceField\IswSvc.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\svchost.exe -k LocalService
C:\Program Files\Common Files\Apple\Mobile Device Support\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Spyware Doctor\BDT\BDTUpdateService.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\iolo\common\lib\ioloServiceManager.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Analog Devices\SoundMAX\SMAgent.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\WINDOWS\system32\MsPMSPSv.exe
C:\Program Files\Webroot\Washer\WasherSvc.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\CheckPoint\ZAForceField\ForceField.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Windows Live\Contacts\wlcomm.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\Owner\Desktop\dds.com
C:\WINDOWS\system32\wbem\wmiprvse.exe
============== Pseudo HJT Report ===============
uStart Page = hxxp://www.facebook.com/
uInternet Settings,ProxyOverride = <local>
uInternet Settings,ProxyServer = http=127.0.0.1:5555
BHO: Adobe PDF Link Helper: {18df081c-e8ad-4283-a596-fa578c2ebdc3} - c:\program files\common files\adobe\acrobat\activex\AcroIEHelperShim.dll
BHO: PC Tools Browser Guard BHO: {2a0f3d1b-0909-4ff4-b272-609cce6054e7} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
BHO: {5C255C8A-E604-49b4-9D64-90988571CECB} - No File
BHO: Groove GFS Browser Helper: {72853161-30c5-4d22-b7f9-0bbc1d38a37e} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
BHO: ZoneAlarm Toolbar Registrar: {8a4a36c2-0535-4d2c-bd3d-496cb7eed6e3} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\google toolbar\GoogleToolbar.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\5.1.1309.3572\swg.dll
BHO: Google Dictionary Compression sdch: {c84d72fe-e17d-4195-bb24-76c02e2e7c4e} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
BHO: Java Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
BHO: SearchSettings Class: {e312764e-7706-43f1-8dab-fcdd2b1e416d} - c:\program files\search settings\kb127\SearchSettings.dll
BHO: JQSIEStartDetectorImpl Class: {e7e6f031-17ce-4c07-bc86-eabfe594f69c} - c:\program files\java\jre6\lib\deploy\jqs\ie\jqs_plugin.dll
TB: Google Toolbar: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\google toolbar\GoogleToolbar.dll
TB: ZoneAlarm Toolbar: {ee2ac4e5-b0b0-4ec6-88a9-bca1a32ab107} - c:\program files\checkpoint\zaforcefield\trustchecker\bin\TrustCheckerIEPlugin.dll
TB: PC Tools Browser Guard: {472734ea-242a-422b-adf8-83d1e48cc825} - c:\program files\spyware doctor\bdt\PCTBrowserDefender.dll
TB: {E67C74F4-A00A-4F2C-9FEC-FD9DC004A67F} - No File
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [Window Washer] c:\program files\webroot\washer\wwDisp.exe
uRunOnce: [index Washer] c:\program files\webroot\washer\WashIdx.exe "Owner"
mRun: [soundMAXPnP] c:\program files\analog devices\soundmax\SMax4PNP.exe
mRun: [igfxTray] c:\windows\system32\igfxtray.exe
mRun: [HotKeysCmds] c:\windows\system32\hkcmd.exe
mRun: [GrooveMonitor] "c:\program files\microsoft office\office12\GrooveMonitor.exe"
mRun: [Lexmark X1100 Series] "c:\program files\lexmark x1100 series\lxbkbmgr.exe"
mRun: [intelliPoint] "c:\program files\microsoft intellipoint\ipoint.exe"
mRun: [ZoneAlarm Client] "c:\program files\zone labs\zonealarm\zlclient.exe"
mRun: [NvCplDaemon] RUNDLL32.EXE c:\windows\system32\NvCpl.dll,NvStartup
mRun: [nwiz] nwiz.exe /install
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Awevem] rundll32.exe "c:\windows\aquwuhuropifatu.dll",Startup
mRun: [iSTray] "c:\program files\spyware doctor\pctsTray.exe"
mRunOnce: [sMRequiresRestart]
dRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2670000A-7350-4f3c-8081-5663EE0C6C49} - {48E73304-E1D6-4330-914C-F5F514E3486C} - c:\progra~1\micros~3\office12\ONBttnIE.dll
IE: {92780B25-18CC-41C8-B9BE-3C9C571A8263} - {FF059E31-CC5A-4E2E-BF3B-96E929D65503} - c:\progra~1\micros~3\office12\REFIEBAR.DLL
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262E} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.0/srl_bin/sysreqlab3.cab
DPF: {1E54D648-B804-468d-BC78-4AFFED8E262F} - hxxp://www.nvidia.com/content/DriverDownload/srl/3.0.0.4/srl_bin/sysreqlab_nvd.cab
DPF: {32C3FEAE-0877-4767-8C20-62A5829A0945} - hxxp://static.ak.facebook.com/fbplugin/win32/axfbootloader.cab?1271556074359
DPF: {48DD0448-9209-4F81-9F6D-D83562940134} - hxxp://lads.myspace.com/upload/MySpaceUploader1006.cab
DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} - hxxp://gfx2.hotmail.com/mail/w3/resources/MSNPUpld.cab
DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} - hxxp://www.update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1227713167968
DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} - hxxp://update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1227713210984
DPF: {819F8533-D935-4183-B692-587F8D56AC3C} - hxxp://www.iolo.com/threatcenter/App/ocx/AVCheckUp.ocx
DPF: {8AD9C840-044E-11D1-B3E9-00805F499D93} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {8FEFF364-6A5F-4966-A917-A3AC28411659} - hxxp://download.sopcast.cn/download/SOPCORE.CAB
DPF: {8FFBE65D-2C9C-4669-84BD-5829DC0B603C} - hxxp://fpdownload.macromedia.com/get/flashplayer/current/polarbear/ultrashim.cab
DPF: {CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_07-windows-i586.cab
DPF: {CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {CAFEEFAC-FFFF-FFFF-FFFF-ABCDEFFEDCBA} - hxxp://java.sun.com/update/1.6.0/jinstall-1_6_0_16-windows-i586.cab
DPF: {E2883E8F-472F-4FB0-9522-AC9BF37916A7} - hxxp://platformdl.adobe.com/NOS/getPlusPlus/1.6/gp.cab
Filter: x-sdch - {B1759355-3EEC-4C1E-B0F1-B719FE26E377} - c:\program files\google\google toolbar\component\fastsearch_A8904FB862BD9564.dll
Handler: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - c:\program files\microsoft office\office12\GrooveSystemServices.dll
Notify: igfxcui - igfxsrvc.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: Groove GFS Stub Execution Hook: {b5a7f190-dda6-4420-b3ba-52453494e6cd} - c:\program files\microsoft office\office12\GrooveShellExtensions.dll
================= FIREFOX ===================
FF - ProfilePath - c:\docume~1\owner\applic~1\mozilla\firefox\profiles\5swmy8tr.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.facebook.com/
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\MozillaExtensions.dll
FF - component: c:\program files\checkpoint\zaforcefield\trustchecker\components\TrustCheckerMozillaPlugin.dll
FF - plugin: c:\documents and settings\owner\application data\facebook\npfbplugin_1_0_3.dll
FF - plugin: c:\documents and settings\owner\application data\mozilla\firefox\profiles\5swmy8tr.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp071303000006.dll
FF - plugin: c:\program files\divx\divx plus web player\npdivx32.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\microsoft.net\framework\v3.5\windows presentation foundation\dotnetassistantextension\
FF - HiddenExtension: XULRunner: {F822BCF4-E8CB-41DA-83D0-75C441822A62} - c:\documents and settings\owner\local settings\application data\{F822BCF4-E8CB-41DA-83D0-75C441822A62}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0007-ABCDEFFEDCBA}
FF - HiddenExtension: Java Console: No Registry Reference - c:\program files\mozilla firefox\extensions\{CAFEEFAC-0016-0000-0016-ABCDEFFEDCBA}
============= SERVICES / DRIVERS ===============
R0 kl1;kl1;c:\windows\system32\drivers\kl1.sys [2010-3-7 128016]
R0 PCTCore;PCTools KDS;c:\windows\system32\drivers\PCTCore.sys [2010-6-14 218592]
R1 KLIF;Kaspersky Lab Driver;c:\windows\system32\drivers\klif.sys [2010-3-7 317072]
R1 vsdatant;vsdatant;c:\windows\system32\vsdatant.sys [2010-3-7 486280]
R2 Browser Defender Update Service;Browser Defender Update Service;c:\program files\spyware doctor\bdt\BDTUpdateService.exe [2010-6-14 112592]
R2 ioloFileInfoList;iolo FileInfoList Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-10 704432]
R2 ioloSystemService;iolo System Service;c:\program files\iolo\common\lib\ioloServiceManager.exe [2009-1-10 704432]
R2 ISWKL;ZoneAlarm ForceField ISWKL;c:\program files\checkpoint\zaforcefield\ISWKL.sys [2009-10-14 25208]
R2 IswSvc;ZoneAlarm ForceField IswSvc;c:\program files\checkpoint\zaforcefield\ISWSVC.exe [2009-10-14 476528]
R2 sdAuxService;PC Tools Auxiliary Service;c:\program files\spyware doctor\pctsAuxs.exe [2010-6-14 366840]
R2 sdCoreService;PC Tools Security Service;c:\program files\spyware doctor\pctsSvc.exe [2010-6-14 1142224]
R2 vsmon;TrueVector Internet Monitor;c:\windows\system32\zonelabs\vsmon.exe -service --> c:\windows\system32\zonelabs\vsmon.exe -service [?]
R2 wwEngineSvc;Window Washer Engine;c:\program files\webroot\washer\WasherSvc.exe [2009-1-8 598856]
R3 icsak;icsak;c:\program files\checkpoint\zaforcefield\ak\icsak.sys [2009-10-14 35448]
S3 cpuz132;cpuz132;\??\c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys --> c:\docume~1\owner\locals~1\temp\cpuz132\cpuz132_x32.sys [?]
============== File Associations =============== JSEFile=NOTEPAD.EXE %1 VBEFile=NOTEPAD.EXE %1 VBSFile=NOTEPAD.EXE %1 =============== Created Last 30 ================ 2010-06-15 01:47:30 0 d-----w- c:\docume~1\owner\applic~1\Malwarebytes 2010-06-15 01:45:15 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys 2010-06-15 01:45:13 20952 ----a-w- c:\windows\system32\drivers\mbam.sys 2010-06-15 01:45:13 0 d-----w- c:\program files\Malwarebytes' Anti-Malware 2010-06-15 01:45:13 0 d-----w- c:\docume~1\alluse~1\applic~1\Malwarebytes 2010-06-14 21:28:33 763832 ----a-w- c:\windows\BDTSupport.dll 2010-06-14 21:28:32 882 ----a-w- c:\windows\RegSDImport.xml 2010-06-14 21:28:32 879 ----a-w- c:\windows\RegISSImport.xml 2010-06-14 21:28:31 165840 ----a-w- c:\windows\PCTBDRes.dll 2010-06-14 21:28:31 1652664 ----a-w- c:\windows\PCTBDCore.dll 2010-06-14 21:28:31 149456 ----a-w- c:\windows\SGDetectionTool.dll 2010-06-14 21:28:31 131 ----a-w- c:\windows\IDB.zip 2010-06-14 21:28:31 1152444 ----a-w- c:\windows\UDB.zip 2010-06-14 21:25:08 7387 ----a-w- c:\windows\system32\drivers\pctgntdi.cat 2010-06-14 21:25:08 233136 ----a-w- c:\windows\system32\drivers\pctgntdi.sys 2010-06-14 21:24:43 88040 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys 2010-06-14 21:24:43 7412 ----a-w- c:\windows\system32\drivers\PCTAppEvent.cat 2010-06-14 21:24:43 7383 ----a-w- c:\windows\system32\drivers\pctcore.cat 2010-06-14 21:24:43 218592 ----a-w- c:\windows\system32\drivers\PCTCore.sys 2010-06-14 21:24:28 7383 ----a-w- c:\windows\system32\drivers\pctplsg.cat 2010-06-14 21:24:28 63360 ----a-w- c:\windows\system32\drivers\pctplsg.sys 2010-06-14 21:24:02 0 d-----w- c:\program files\common files\PC Tools 2010-06-14 21:24:01 0 d-----w- c:\program files\Spyware Doctor 2010-06-14 21:24:01 0 d-----w- c:\docume~1\owner\applic~1\PC Tools 2010-06-14 21:24:01 0 d-----w- c:\docume~1\alluse~1\applic~1\PC Tools 2010-06-14 05:41:16 120 ----a-w- c:\windows\Rzoracupodovuj.dat 2010-06-14 05:41:16 0 ----a-w- 
c:\windows\Oyobazukohomal.bin 2010-06-10 02:29:18 743424 -c----w- c:\windows\system32\dllcache\iedvtool.dll 2010-06-02 19:07:25 719872 ----a-w- c:\windows\system32\devil.dll 2010-06-02 19:07:25 369152 ----a-w- c:\windows\system32\avisynth.dll 2010-06-02 19:07:23 70656 ----a-w- c:\windows\system32\yv12vfw.dll 2010-06-02 19:07:23 70656 ----a-w- c:\windows\system32\i420vfw.dll 2010-06-02 19:07:23 27648 ----a-w- c:\windows\system32\AVSredirect.dll 2010-06-02 19:07:23 0 d-----w- c:\program files\AviSynth 2.5 2010-06-02 19:06:45 0 d-----w- c:\program files\eRightSoft 2010-06-02 06:25:44 0 d--h--w- c:\windows\PIF 2010-06-02 05:41:17 98560 ----a-w- c:\windows\system32\drivers\sscdbus.sys 2010-06-02 05:41:17 14848 ----a-w- c:\windows\system32\drivers\sscdmdfl.sys 2010-06-02 05:41:17 12416 ----a-w- c:\windows\system32\drivers\sscdcmnt.sys 2010-06-02 05:41:17 12416 ----a-w- c:\windows\system32\drivers\sscdcm.sys 2010-06-02 05:41:17 123648 ----a-w- c:\windows\system32\drivers\sscdmdm.sys 2010-06-02 05:41:17 12288 ----a-w- c:\windows\system32\drivers\sscdwhnt.sys 2010-06-02 05:41:17 12288 ----a-w- c:\windows\system32\drivers\sscdwh.sys 2010-06-02 05:41:17 100352 ----a-w- c:\windows\system32\drivers\sscdserd.sys 2010-06-02 05:39:51 0 d-----w- c:\docume~1\alluse~1\applic~1\Samsung 2010-06-02 01:51:29 0 d-----w- c:\docume~1\owner\applic~1\Samsung 2010-06-02 01:45:09 174592 ----a-w- c:\windows\system32\framedyn.dll 2010-06-02 01:45:00 348160 ----a-w- c:\windows\system32\msvcr71.dll 2010-06-02 01:44:33 0 d-----w- c:\windows\system32\Samsung_USB_Drivers 2010-06-02 01:44:11 766 ----a-w- c:\windows\system32\Uninstall.ico 2010-06-02 01:43:54 5632 ----a-w- c:\windows\system32\drivers\StarOpen.sys 2010-06-02 01:43:23 0 d-----w- c:\program files\Samsung ==================== Find3M ==================== 2010-06-22 21:47:42 4212 ---ha-w- c:\windows\system32\zllictbl.dat 2010-05-06 10:41:53 916480 ----a-w- c:\windows\system32\wininet.dll 2010-05-02 05:22:50 1851264 ----a-w- 
c:\windows\system32\win32k.sys 2010-04-21 19:46:38 93096 ----a-w- c:\windows\system32\IncContxMenu.dll 2010-04-21 19:46:28 2316712 ----a-w- c:\windows\system32\Incinerator.dll 2010-04-20 05:30:08 285696 ----a-w- c:\windows\system32\atmfd.dll 2010-04-08 18:20:02 91424 ----a-w- c:\windows\system32\dnssd.dll 2010-04-08 18:20:02 107808 ----a-w- c:\windows\system32\dns-sd.exe 2010-03-31 05:16:34 99176 ----a-w- c:\windows\system32\PresentationHostProxy.dll 2010-03-31 05:10:40 295264 ----a-w- c:\windows\system32\PresentationHost.exe 2006-05-03 09:06:54 163328 --sh--r- c:\windows\system32\flvDX.dll 2007-02-21 10:47:16 31232 --sh--r- c:\windows\system32\msfDX.dll 2008-03-16 12:30:52 216064 --sh--r- c:\windows\system32\nbDX.dll ============= FINISH: 2:41:07.43 =============== Attach.txt
  18. I recently got the svc host virus, which had my CPU at 100%. The virus, I think, has been removed or quarantined, and now every time I run malware there are 2 registry errors called broken open command and it never removes them. Is there a way to fix this?