jamesa
new user
Reg'd: Sun
Posts: 8
Re: Zlob problems
Fri May 09 2008 11:25 AM
Hi Bricat,
Thanks for the reply.
Hopefully this is the ComboFix log; I am not getting any Zlob alerts since I ran this.
ComboFix 08-05-01.3 - James Anderson 2008-05-04 12:51:59.1 - NTFSx86
Running from: C:\Documents and Settings\James Anderson\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\NetProject
C:\Program Files\NetProject\sbmntr.exe
C:\Program Files\NetProject\scit.exe
C:\Program Files\NetProject\wamdl.dll
C:\WINDOWS\Downloaded Program Files\launcher.ocx
C:\WINDOWS\Downloaded Program Files\setup.inf
C:\WINDOWS\system32\bismhru.dat
C:\WINDOWS\system32\bismhru.exe
C:\WINDOWS\system32\bismhru_nav.dat
C:\WINDOWS\system32\bismhru_navps.dat

.
((((((((((((((((((((((((( Files Created from 2008-04-04 to 2008-05-04 )))))))))))))))))))))))))))))))
.

2008-05-03 17:17 . 2008-05-03 17:17 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-03 15:16 . 2008-05-03 15:16 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-05-03 10:40 . 2008-05-03 10:40 <DIR> d-------- C:\Program Files\Lavasoft
2008-05-03 10:05 . 2008-05-03 10:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-05-02 10:48 . 2008-05-02 10:48 <DIR> d-------- C:\Program Files\Bazooka Scanner
2008-05-01 17:18 . 2008-05-01 21:18 <DIR> d-------- C:\WINDOWS\system32\527631
2008-04-29 10:16 . 2008-05-03 09:42 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-04-28 18:38 . 2008-04-28 18:38 <DIR> d-------- C:\Program Files\Common Files\xing shared
2008-04-27 12:49 . 2008-04-27 13:28 <DIR> d-------- C:\Program Files\Driving Test Success 2004-2005
2008-04-24 17:13 . 2008-04-30 09:19 <DIR> d-------- C:\Documents and Settings\James Anderson\Application Data\MxBoost
2008-04-24 17:10 . 2008-04-24 17:13 <DIR> d-------- C:\Program Files\Maxthon2
2008-04-23 10:32 . 2008-04-24 13:48 <DIR> d-------- C:\Documents and Settings\James Anderson\Application Data\K-Meleon
2008-04-21 15:27 . 2008-04-30 12:40 <DIR> d-------- C:\Program Files\Avant Browser
2008-04-21 14:01 . 2008-04-21 15:02 <DIR> d-------- C:\Documents and Settings\James Anderson\Application Data\Enigma Browser
2008-04-18 13:15 . 2008-04-18 13:15 <DIR> d-------- C:\Documents and Settings\James Anderson\Application Data\Flock
2008-04-18 13:10 . 2008-04-18 13:15 <DIR> d-------- C:\Program Files\Flock
2008-04-16 14:17 . 2008-04-16 14:17 141,312 --a------ C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2008-04-16 14:16 . 2008-05-03 17:18 <DIR> d-------- C:\Documents and Settings\James Anderson\Application Data\Spyware Terminator
2008-04-16 14:16 . 2008-05-02 16:39 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2008-04-16 14:15 . 2008-05-03 09:48 <DIR> d-------- C:\Program Files\Spyware Terminator
2008-04-11 15:41 . 2008-04-13 12:06 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-03 16:35 --------- d-----w C:\Documents and Settings\James Anderson\Application Data\wsInspector
2008-05-03 08:39 --------- d-----w C:\Program Files\SpywareBlaster
2008-05-01 16:19 --------- d-----w C:\Program Files\Opera
2008-05-01 15:09 --------- d-----w C:\Documents and Settings\James Anderson\Application Data\Skype
2008-04-30 09:57 --------- d-----w C:\Documents and Settings\James Anderson\Application Data\skypePM
2008-04-28 17:37 --------- d-----w C:\Program Files\Common Files\Real
2008-04-28 17:17 --------- d-----w C:\Documents and Settings\James Anderson\Application Data\SlimBrowser
2008-04-27 12:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Driving Test Success
2008-04-27 11:54 --------- d-----w C:\Program Files\Hazard Perception Training 2004-2005
2008-04-26 07:07 --------- d-----w C:\Program Files\Common Files\Adobe
2008-04-21 14:12 --------- d-----w C:\Program Files\Netscape
2008-04-21 14:05 --------- d-----w C:\Documents and Settings\James Anderson\Application Data\Netscape
2008-04-18 06:45 --------- d-----w C:\Documents and Settings\James Anderson\Application Data\SiteAdvisor
2008-04-13 22:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-04-13 19:54 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-04-11 13:59 --------- d-----w C:\Documents and Settings\James Anderson\Application Data\Lavasoft
2008-03-08 17:45 --------- d-----w C:\Program Files\Microsoft ActiveSync
2008-03-08 16:59 --------- d-----w C:\Program Files\Google
2008-03-08 16:12 --------- d-----w C:\Program Files\VS Revo Group
2008-03-08 15:39 --------- d-----w C:\Program Files\Yahoo!
2008-03-08 15:32 --------- d-----w C:\Program Files\CCleaner
2008-02-17 15:55 691,545 ----a-w C:\WINDOWS\unins000.exe
2008-02-06 07:47 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

[HKEY_CLASSES_ROOT\clsid\{51d81dd5-55b7-497f-95db-d356429bb54e}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 05:37 36904]
"MSKDetectorExe"="C:\Program Files\McAfee\SpamKiller\MSKDetct.exe" [2006-11-07 15:49 1121280]
"MISAggregator"="" []
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 23:33 582992]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"= C:\WINDOWS\system32\uyhjw.dll [ ]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Kodak EasyShare software.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Kodak EasyShare software.lnk
backup=C:\WINDOWS\pss\Kodak EasyShare software.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^KODAK Software Updater.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\KODAK Software Updater.lnk
backup=C:\WINDOWS\pss\KODAK Software Updater.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CHotkey]
--a------ 2002-07-23 12:09 477184 C:\WINDOWS\mHotkey.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\msnmsgr]
C:\Program Files\MSN Messenger\msnmsgr.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
C:\Program Files\Yahoo!\Messenger\ypager.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"37118:TCP"= 37118:TCP:ppLive
"42177:UDP"= 42177:UDP:ppLive

R1 sdcplh;sdcplh;C:\WINDOWS\system32\drivers\sdcplh.sys [2006-03-06 09:33]
R1 sp_rsdrv2;Spyware Terminator Driver 2;C:\WINDOWS\system32\drivers\sp_rsdrv2.sys [2008-04-16 14:17]
S3 f3e27fbf-5ea8-47c9-96e6-3d1a21f6f3c0;f3e27fbf-5ea8-47c9-96e6-3d1a21f6f3c0;D:\Player\cds300.dll []
S3 FileObjInfo;STFileDriver;C:\Documents and Settings\All Users\Application Data\Spyware Terminator\FileObjInfo.sys [2008-04-16 14:17]
S3 tap0801;TAP-Win32 Adapter V8;C:\WINDOWS\system32\DRIVERS\tap0801.sys [2006-03-27 16:03]

*Newly Created Service* - CATCHME

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{c23dd370-cb79-11d2-898a-00c04f80a47f}]
rundll32.exe advpack.dll,LaunchINFSectionEx %SystemRoot%\INF\toolimg.inf,PerUserStub.Install,,36

.
Contents of the 'Scheduled Tasks' folder
"2007-07-17 12:07:23 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
"2008-01-01 01:01:00 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************
catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-05-04 13:02:31 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
.
Completion time: 2008-05-04 13:11:05
ComboFix-quarantined-files.txt 2008-05-04 12:10:58

Pre-Run: 19,472,318,464 bytes free
Post-Run: 19,576,315,904 bytes free
137 --- E O F --- 2008-04-11 07:09:52
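The log above shows why the "Reg Loading Points" section is the part to read after a cleanup: ComboFix deleted C:\Program Files\NetProject\wamdl.dll, but the Internet Explorer toolbar entry still points at it, and a CLSID under SharedTaskScheduler loads C:\WINDOWS\system32\uyhjw.dll, a file that appears nowhere else in the log. The Python script below is an added example, not code from this thread or from ComboFix; it parses that section from a constructed excerpt modelled on the post and flags the entries a responder would check first. It assumes that an empty `[ ]` after a target means ComboFix recorded no file metadata for it (the other entries carry a date and size in that position), and that the per-vendor DisableMonitoring keys under Security Center are normally set by the AV product itself, so only the AntiVirusOverride/FirewallOverride values are flagged.

```python
"""Triage the 'Reg Loading Points' section of a ComboFix log.

Added example for this thread, not ComboFix's own tooling. The log excerpt
below is constructed, modelled on the entries in the post above.
"""
from __future__ import annotations

import re
from dataclasses import dataclass
from typing import Optional

# Constructed excerpt in ComboFix's layout: a registry key in [brackets],
# then one "name"= target line per value, ending in [date time size] when
# ComboFix could read the target file and an empty [ ] when it could not.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{51D81DD5-55B7-497F-95DB-D356429BB54E}"= "C:\Program Files\NetProject\wamdl.dll" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SiteAdvisor"="C:\Program Files\SiteAdvisor\6172\SiteAdv.exe" [2007-02-09 05:37 36904]
"MISAggregator"="" []

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{4d51e91c-e917-4b7f-89ff-abe471e16927}"= C:\WINDOWS\system32\uyhjw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(
    r'^"(?P<name>[^"]*)"\s*=\s*(?P<target>.*?)\s*(?:\[(?P<meta>[^\]]*)\])?$'
)


@dataclass
class Entry:
    key: str
    name: str
    target: str            # surrounding quotes stripped
    meta: Optional[str]    # contents of the trailing [ ], None if absent


@dataclass
class Finding:
    entry: Entry
    reason: str


def parse_loading_points(text: str) -> list[Entry]:
    """Walk the section line by line, remembering the current registry key."""
    entries: list[Entry] = []
    key: Optional[str] = None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if (m := KEY_RE.match(line)):
            key = m.group("key")
            continue
        if key is not None and (m := VALUE_RE.match(line)):
            target = m.group("target").strip().strip('"')
            entries.append(Entry(key, m.group("name"), target, m.group("meta")))
    return entries


# Values that stop Security Center warning that AV/firewall is missing.
# The per-vendor DisableMonitoring keys are deliberately not flagged: the AV
# product sets those itself when it reports its own status (assumption).
OVERRIDE_VALUES = {"antivirusoverride", "firewalloverride"}


def triage(entries: list[Entry]) -> list[Finding]:
    findings: list[Finding] = []
    for e in entries:
        key = e.key.lower()
        is_path = "\\" in e.target
        # A loading point whose target ComboFix recorded no metadata for
        # (assumed: the file is gone, e.g. deleted by the cleanup, or hidden).
        if is_path and e.meta is not None and not e.meta.strip():
            findings.append(Finding(e, "target has no file metadata: orphaned or hidden loading point"))
        # SharedTaskScheduler loads DLLs into explorer.exe at logon; ComboFix only
        # lists it when it holds non-default entries, so review whatever is there.
        if "sharedtaskscheduler" in key and is_path:
            findings.append(Finding(e, "DLL registered under SharedTaskScheduler"))
        if ("security center" in key and e.name.lower() in OVERRIDE_VALUES
                and e.target.lower() == "dword:00000001"):
            findings.append(Finding(e, "Security Center override suppresses the missing-AV/firewall warning"))
    return findings


def report(text: str) -> list[str]:
    """One line per finding, in log order."""
    return [f"{f.entry.name} -> {f.entry.target or '(empty)'}: {f.reason}"
            for f in triage(parse_loading_points(text))]


if __name__ == "__main__":
    for line in report(SAMPLE_LOG):
        print(line)
```

Run against the excerpt it reports four lines: the wamdl.dll toolbar entry, the uyhjw.dll SharedTaskScheduler entry twice (no metadata, and the location itself), and AntiVirusOverride. The SiteAdvisor entry, which carries a date and size, and the empty MISAggregator value are not reported. On a full log, paste in everything between the "Reg Loading Points" banner and the driver list; entries without a backslash in the target (dword values, msconfig records) pass through untouched.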