stuck with annoying problem

View previous topic View next topic Go down

Re: stuck with annoying problem

Post by Dr Jay on 22nd November 2009, 2:11 am

I found the infection hiding. Thank goodness for my tool SpiderKill. Smile

Re-running ComboFix to remove infections:

  1. Close any open browsers.
  2. Close/disable all anti virus and anti malware programs so they do not interfere with the running of ComboFix.
  3. Open notepad and copy/paste the text in the quotebox below into it:

    killall::
    File::
    C:\Windows\System32\Driver\fidbox.dat
    C:\Windows\System32\Drivers\fidbox.idx
  4. Save this as CFScript.txt, in the same location as ComboFix.exe



  5. Referring to the picture above, drag CFScript into ComboFix.exe
  6. When finished, it shall produce a log for you at C:\ComboFix.txt
  7. Please post the contents of the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by 3dsoundz on 27th November 2009, 11:28 pm

Here is the log for new scan
ComboFix 09-11-25.03 - Amit 11/25/2009 21:24.2.2 - x86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2038.1350 [GMT -6:00]
Running from: c:\documents and settings\Amit\My Documents\ComboFx.exe
Command switches used :: c:\documents and settings\Amit\My Documents\CFScript.txt
AV: Norton Internet Security *On-access scanning disabled* (Updated) {E10A9785-9598-4754-B552-92431C1C35F8}
AV: Spyware Doctor with AntiVirus *On-access scanning disabled* (Updated) {D3C23B96-C9DC-477F-8EF1-69AF17A6EFF6}
FW: Norton Internet Security *disabled* {7C21A4C9-F61F-4AC4-B722-A6E19C16F220}
* Created a new restore point

FILE ::
"c:\windows\System32\Driver\fidbox.dat"
"c:\windows\System32\Drivers\fidbox.idx"
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\System32\Drivers\fidbox.idx

.
((((((((((((((((((((((((( Files Created from 2009-10-26 to 2009-11-26 )))))))))))))))))))))))))))))))
.

2009-11-26 02:52 . 2009-08-27 08:00 84912 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVENG.SYS
2009-11-26 02:52 . 2009-08-27 08:00 177520 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVENG32.DLL
2009-11-26 02:52 . 2009-08-27 08:00 1647984 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVEX32A.DLL
2009-11-26 02:52 . 2009-08-27 08:00 1323568 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\NAVEX15.SYS
2009-11-26 02:52 . 2009-09-22 08:00 259440 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\ECMSVR32.DLL
2009-11-26 02:52 . 2009-09-15 08:00 2747952 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\CCERASER.DLL
2009-11-26 02:52 . 2009-08-27 08:00 371248 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\EECTRL.SYS
2009-11-26 02:52 . 2009-08-27 08:00 102448 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\VirusDefs\20091125.032\ERASER.SYS
2009-11-13 00:23 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\Scxpx86.dll
2009-11-13 00:23 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSvix86.sys
2009-11-13 00:23 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys
2009-11-13 00:23 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSxpx86.dll
2009-11-13 00:23 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSviA64.sys
2009-11-07 08:02 . 2009-11-07 08:06 -------- d-----w- c:\program files\Ares
2009-11-06 21:36 . 2009-11-06 21:36 -------- d-----w- c:\program files\Free M4a to MP3 Converter
2009-11-06 19:20 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSvix86.sys
2009-11-06 19:20 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSXpx86.sys
2009-11-06 19:20 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\Scxpx86.dll
2009-11-06 19:20 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSxpx86.dll
2009-11-06 19:20 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091105.001\IDSviA64.sys
2009-11-06 00:27 . 2009-11-06 00:27 -------- d-----w- c:\documents and settings\Amit\Application Data\Malwarebytes
2009-11-06 00:25 . 2009-09-10 20:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-11-06 00:25 . 2009-11-06 00:25 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-11-06 00:25 . 2009-09-10 20:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-11-06 00:25 . 2009-11-06 00:26 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-31 16:22 . 2009-11-01 16:54 45223968 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-10-30 01:59 . 2009-11-11 10:51 -------- d-----w- C:\commyFix11601c
2009-10-30 01:53 . 2009-09-23 21:10 207280 ----a-w- c:\windows\system32\drivers\PCTCore_2.sys
2009-10-30 01:21 . 2009-11-11 10:51 -------- d-----w- C:\commyFix
2009-10-28 22:37 . 2009-10-28 22:37 343088 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSvix86.sys
2009-10-28 22:37 . 2009-10-28 22:37 329592 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSXpx86.sys
2009-10-28 22:37 . 2009-10-28 22:37 811896 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\Scxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSxpx86.dll
2009-10-28 22:37 . 2009-10-28 22:37 466992 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\BinHub\IDSviA64.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-11-26 04:39 . 2008-10-03 04:25 -------- d-----w- c:\program files\IDrive
2009-11-26 03:20 . 2006-12-25 04:28 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-11-26 03:20 . 2009-10-26 03:58 -------- d-----w- c:\program files\Spyware Doctor
2009-11-22 05:44 . 2006-04-08 21:19 -------- d-----w- c:\documents and settings\Amit\Application Data\Azureus
2009-11-22 04:45 . 2004-12-18 00:07 -------- d-----w- c:\documents and settings\Amit\Application Data\.BitTornado
2009-11-22 04:17 . 2009-10-24 14:38 -------- d-----w- c:\program files\Vuze
2009-11-14 02:12 . 2009-10-24 14:38 -------- d-----w- c:\program files\AskBarDis
2009-11-07 19:57 . 2009-10-24 14:42 -------- d-----w- c:\documents and settings\Amit\Application Data\TuneUpMedia
2009-10-27 04:01 . 2009-10-26 03:58 -------- d-----w- c:\documents and settings\All Users\Application Data\PC Tools
2009-10-26 04:14 . 2009-10-26 03:58 -------- d-----w- c:\program files\Common Files\PC Tools
2009-10-26 03:58 . 2009-10-26 03:58 -------- d-----w- c:\documents and settings\Amit\Application Data\PC Tools
2009-10-24 14:43 . 2009-10-24 14:42 -------- d-----w- c:\documents and settings\All Users\Application Data\TuneUpMedia
2009-10-24 14:43 . 2009-07-28 14:33 -------- d-----w- c:\program files\iTunes
2009-10-24 14:43 . 2009-10-24 14:42 -------- d-----w- c:\program files\TuneUpMedia
2009-10-23 02:16 . 2005-06-11 10:42 -------- d-----w- c:\documents and settings\Amit\Application Data\Apple Computer
2009-10-21 01:29 . 2009-10-21 01:28 -------- d-----w- c:\documents and settings\All Users\Application Data\{755AC846-7372-4AC8-8550-C52491DAA8BD}
2009-10-21 01:28 . 2006-08-18 19:05 -------- d-----w- c:\program files\iPod
2009-10-21 01:28 . 2007-11-02 22:43 -------- d-----w- c:\program files\Common Files\Apple
2009-10-21 01:26 . 2009-10-21 01:26 -------- d-----w- c:\program files\Bonjour
2009-10-21 01:25 . 2009-04-14 16:08 -------- d-----w- c:\program files\QuickTime
2009-10-21 01:14 . 2009-10-21 01:14 79144 ----a-w- c:\documents and settings\All Users\Application Data\Apple Computer\Installer Cache\iTunes 9.0.1.8\SetupAdmin.exe
2009-10-18 17:19 . 2004-12-09 06:33 -------- d-----w- c:\program files\Dell
2009-10-18 15:55 . 2009-10-18 15:55 -------- d-----w- c:\documents and settings\Administrator\Application Data\Jasc Software Inc
2009-10-14 23:03 . 2004-12-09 06:32 -------- d-----w- c:\program files\Java
2009-10-14 23:01 . 2009-10-14 23:01 152576 ----a-w- c:\documents and settings\Amit\Application Data\Sun\Java\jre1.6.0_15\lzma.dll
2009-10-08 18:14 . 2009-10-27 04:01 59664 --s---w- c:\windows\system32\drivers\TfSysMon.sys
2009-10-08 18:14 . 2009-10-27 04:01 33552 --s---w- c:\windows\system32\drivers\TfNetMon.sys
2009-10-08 18:14 . 2009-10-27 04:01 51984 --s---w- c:\windows\system32\drivers\TfFsMon.sys
2009-10-06 21:31 . 2009-10-26 03:58 87784 ----a-w- c:\windows\system32\drivers\PCTAppEvent.sys
2009-10-03 20:03 . 2009-10-03 19:21 -------- d-----w- c:\program files\CrossLoop
2009-10-03 15:30 . 2009-10-03 15:07 -------- d-----w- c:\documents and settings\Amit\Application Data\Sony
2009-10-03 15:03 . 2009-10-03 15:03 -------- d-----w- c:\program files\Vstplugins
2009-10-03 15:02 . 2009-10-03 15:02 -------- d-----w- c:\program files\Sony
2009-10-03 15:01 . 2009-10-03 15:01 -------- d-----w- c:\program files\Sony Setup
2009-10-03 03:26 . 2009-05-21 02:12 -------- d-----w- c:\program files\Symantec
2009-10-03 02:49 . 2009-10-03 02:49 -------- d-----w- c:\program files\Norton Support
2009-09-24 13:55 . 2009-10-26 03:58 229304 ----a-w- c:\windows\system32\drivers\pctgntdi.sys
2009-09-23 21:10 . 2009-10-26 03:58 207280 ----a-w- c:\windows\system32\drivers\PCTCore.sys
2009-09-18 13:31 . 2009-09-18 13:31 10686001 ----a-w- c:\documents and settings\Amit\Application Data\Azureus\plugins\azump\mplayer.exe
2009-09-11 14:18 . 2004-08-04 11:00 136192 ----a-w- c:\windows\system32\msv1_0.dll
2009-09-10 20:10 . 2009-10-23 02:21 342576 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSvix86.sys
2009-09-10 20:10 . 2009-10-23 02:21 329080 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSXpx86.sys
2009-09-10 20:10 . 2009-10-23 02:21 732536 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\Scxpx86.dll
2009-09-10 20:10 . 2009-10-23 02:21 488312 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSxpx86.dll
2009-09-10 20:10 . 2009-10-23 02:21 466480 ----a-w- c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091021.001\IDSviA64.sys
2009-09-04 21:03 . 2004-08-04 11:00 58880 ----a-w- c:\windows\system32\msasn1.dll
2009-09-03 14:45 . 2009-10-26 03:58 70408 ----a-w- c:\windows\system32\drivers\pctplsg.sys
2009-08-29 20:17 . 2004-12-18 01:30 55192 -c--a-w- c:\documents and settings\Amit\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-08-29 08:08 . 2004-08-04 11:00 916480 ------w- c:\windows\system32\wininet.dll
2009-08-29 00:42 . 2009-06-17 03:23 40448 ----a-w- c:\windows\system32\drivers\usbaapl.sys
2009-08-29 00:42 . 2009-06-17 03:23 2065696 ----a-w- c:\windows\system32\usbaaplrc.dll
2008-10-29 23:25 . 2008-10-29 23:25 13706 -c--a-w- c:\program files\Common Files\vasosicuv.scr
2007-03-09 14:37 . 2007-03-09 14:37 57792 -c--a-w- c:\program files\MC
2006-07-01 12:46 . 2006-07-01 12:46 73 -c--a-w- c:\program files\cdboot.phx
2006-07-01 12:46 . 2006-07-01 12:46 389 -c--a-w- c:\program files\proginfo.txt
2006-07-01 12:46 . 2006-07-01 12:46 167936 -c--a-w- c:\program files\diskinst.exe
2006-07-01 12:46 . 2006-07-01 12:46 113 -c--a-w- c:\program files\instruct.ini
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-11-26 03:40 . 2009-11-26 03:40 16384 c:\windows\Temp\Perflib_Perfdata_580.dat
+ 2009-11-26 03:39 . 2009-11-26 03:39 16384 c:\windows\Temp\Perflib_Perfdata_42c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{201f27d4-3704-41d6-89c1-aa35e39143ed}]
2009-04-02 18:47 333192 ----a-w- c:\program files\AskBarDis\bar\bin\askBar.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{3041d03e-fd4b-44e0-b742-2d9b88305f98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\Webbrowser]
"{3041D03E-FD4B-44E0-B742-2D9B88305F98}"= "c:\program files\AskBarDis\bar\bin\askBar.dll" [2009-04-02 333192]

[HKEY_CLASSES_ROOT\clsid\{3041d03e-fd4b-44e0-b742-2d9b88305f98}]
[HKEY_CLASSES_ROOT\TypeLib\{4b1c1e16-6b34-430e-b074-5928eca4c150}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ares"="c:\program files\Ares\Ares.exe" [2009-02-03 1004544]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"DMXLauncher"="c:\program files\Dell\Media Experience\DMXLauncher.exe" [2004-09-15 86016]
"Dell AIO Printer A920"="c:\program files\Dell AIO Printer A920\dlbkbmgr.exe" [2004-04-15 270336]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"igfxtray"="c:\windows\system32\igfxtray.exe" [2005-10-14 94208]
"igfxhkcmd"="c:\windows\system32\hkcmd.exe" [2005-10-14 77824]
"igfxpers"="c:\windows\system32\igfxpers.exe" [2005-10-14 114688]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-05-26 185896]
"Samsung PanelMgr"="c:\windows\Samsung\PanelMgr\SSMMgr.exe" [2008-08-08 524288]
"Symantec PIF AlertEng"="c:\program files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" [2008-01-29 583048]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2009-08-13 177440]
"Acrobat Assistant 7.0"="c:\program files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2008-04-23 483328]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-07-25 149280]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-09-05 417792]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2009-09-21 305440]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\progra~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

c:\documents and settings\Amit\Start Menu\Programs\Startup\
IDrive Tray.lnk - c:\program files\IDrive\IDriveEReg2ini.exe [2008-10-2 184320]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
802.11b+g USB Wireless LAN Utility.lnk - c:\program files\WLAN\802.11b+g USB WLAN\ZDWlan.exe [2008-2-13 430080]
Adobe Acrobat Speed Launcher.lnk - c:\windows\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2009-7-30 25214]
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2005-8-9 113664]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2004-12-9 24576]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\session manager]
BootExecute REG_MULTI_SZ \0

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\SymEFA.sys]
@="FSFilter Activity Monitor"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"c:\\Program Files\\Messenger\\msmsgs.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=
"c:\\WINDOWS\\kdx\\KHost.exe"=
"c:\\Program Files\\KService\\KService.exe"=
"c:\\WINDOWS\\SYSTEM32\\LEXPPS.EXE"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\IDrive\\IDriveEClassic.exe"=
"c:\\Program Files\\IDrive\\IDriveETray.exe"=
"c:\\Program Files\\BitTornado\\btdownloadgui.exe"=
"c:\\Program Files\\WLAN\\802.11b+g USB WLAN\\ZDWlan.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"14238:TCP"= 14238:TCP:darshmeet
"1755:TCP"= 1755:TCP:windows media player

R0 PCTCore;PCTools KDS;c:\windows\SYSTEM32\DRIVERS\PCTCore.sys [10/25/2009 9:58 PM 207280]
R0 SymEFA;Symantec Extended File Attributes;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\SymEFA.sys [9/8/2009 5:47 PM 310320]
R0 TfFsMon;TfFsMon;c:\windows\SYSTEM32\DRIVERS\TfFsMon.sys [10/26/2009 10:01 PM 51984]
R0 TfSysMon;TfSysMon;c:\windows\SYSTEM32\DRIVERS\TfSysMon.sys [10/26/2009 10:01 PM 59664]
R1 BHDrvx86;Symantec Heuristics Driver;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\BHDrvx86.sys [9/8/2009 5:47 PM 259632]
R1 ccHP;Symantec Hash Provider;c:\windows\SYSTEM32\DRIVERS\NIS\1007020.00B\cchpx86.sys [9/8/2009 5:47 PM 482432]
R1 IDSxpx86;IDSxpx86;c:\documents and settings\All Users\Application Data\Norton\{0C55C096-0F1D-4F28-AAA2-85EF591126E7}\Norton\Definitions\IPSDefs\20091111.001\IDSXpx86.sys [11/12/2009 6:23 PM 329592]
R2 ASKService;ASKService;c:\program files\AskBarDis\bar\bin\AskService.exe [11/13/2009 8:12 PM 464264]
R2 ASKUpgrade;ASKUpgrade;c:\program files\AskBarDis\bar\bin\ASKUpgrade.exe [11/13/2009 8:13 PM 234888]
R2 IDriveE Service;IDriveE Service;c:\program files\IDrive\IDriveE Service.exe [10/2/2008 10:25 PM 136656]
R2 IDrivePlugin;IDrivePlugin;c:\program files\IDrive\IDriveWebM.exe [10/2/2008 10:25 PM 58832]
R2 Norton Internet Security;Norton Internet Security;c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe [9/8/2009 5:47 PM 117640]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [8/27/2009 2:00 AM 102448]
S0 Lbd;Lbd;c:\windows\system32\DRIVERS\Lbd.sys --> c:\windows\system32\DRIVERS\Lbd.sys [?]
S2 SSPORT;SSPORT;\??\c:\windows\system32\Drivers\SSPORT.sys --> c:\windows\system32\Drivers\SSPORT.sys [?]
S3 sdAuxService;PC Tools Auxiliary Service;c:\program files\Spyware Doctor\pctsAuxs.exe [10/25/2009 9:58 PM 358600]
S3 TfNetMon;TfNetMon;c:\windows\SYSTEM32\DRIVERS\TfNetMon.sys [10/26/2009 10:01 PM 33552]
S3 WLAN(WLAN);802.11b+g USB Wireless LAN Adapter Driver(WLAN);c:\windows\SYSTEM32\DRIVERS\ZD1211U.sys [6/5/2005 5:18 PM 258560]
S3 ZD1201U;ZyDAS ZD1201 IEEE 802.11b Wireless LAN Driver (USB);c:\windows\system32\DRIVERS\zd1201u.sys --> c:\windows\system32\DRIVERS\zd1201u.sys [?]
S3 ZDBRGSYS;ZDBRGSYS NDIS Protocol Driver;c:\windows\SYSTEM32\ZDBRGSYS.sys [6/5/2005 5:18 PM 19200]
S3 ZDNDIS5;ZDNDIS5 NDIS Protocol Driver;\??\c:\windows\system32\ZDNDIS5.SYS --> c:\windows\system32\ZDNDIS5.SYS [?]
S4 pctgntdi;pctgntdi;c:\windows\SYSTEM32\DRIVERS\pctgntdi.sys [10/25/2009 9:58 PM 229304]
S4 pctplsg;pctplsg;c:\windows\SYSTEM32\DRIVERS\pctplsg.sys [10/25/2009 9:58 PM 70408]
.
Contents of the 'Scheduled Tasks' folder

2009-08-04 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 18:34]

2009-03-15 c:\windows\Tasks\McDefragTask.job
- c:\windows\system32\DEFRAG.EXE [2004-08-04 00:12]
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
uSearchMigratedDefaultURL = [You must be registered and logged in to see this link.]
mStart Page = [You must be registered and logged in to see this link.]
mSearch Bar =
uInternet Connection Wizard,ShellNext = [You must be registered and logged in to see this link.]
uInternet Settings,ProxyOverride = 127.0.0.1;*.local
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert to existing PDF - c:\program files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\Office10\EXCEL.EXE/3000
IE: Yahoo! &SMS - [You must be registered and logged in to see this link.] files\Yahoo!\Common/ycsms.htm
TCP: {6876C54C-08AF-4D30-8DB2-CA7CBADD2463} = 192.168.1.254,192.168.2.254
DPF: Garmin Communicator Plug-In - [You must be registered and logged in to see this link.]
DPF: Microsoft XML Parser for Java - [You must be registered and logged in to see this link.]
.
- - - - ORPHANS REMOVED - - - -

AddRemove-RealJukebox 1.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0
AddRemove-RealPlayer 6.0 - c:\program files\Common Files\Real\Update_OB\r1puninst.exe RealNetworks|RealPlayer|6.0



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2009-11-25 22:38
Windows 5.1.2600 Service Pack 3 NTFS

scanning hȋdden processes ...

scanning hȋdden autostart entries ...

scanning hȋdden files ...

scan completed successfully
hȋdden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\Norton Internet Security]
"ImagePath"="\"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\ccSvcHst.exe\" /s \"Norton Internet Security\" /m \"c:\program files\Norton Internet Security\Norton Internet Security\Engine\16.7.2.11\diMaster.dll\" /prefetch:1"
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_USERS\S-1-5-21-3018035710-715601661-13499995-1007\Software\Microsoft\SystemCertificates\AddressBook*]
@Allowed: (Read) (RestrictedCode)
@Allowed: (Read) (RestrictedCode)
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(2624)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
------------------------ Other Running Processes ------------------------
.
c:\windows\system32\LEXBCES.EXE
c:\windows\system32\LEXPPS.EXE
c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
c:\program files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
c:\program files\Bonjour\mDNSResponder.exe
c:\program files\Java\jre6\bin\jqs.exe
c:\program files\KService\KService.exe
c:\program files\Dell AIO Printer A920\dlbkbmon.exe
c:\program files\IDrive\IDriveEBackground.exe
c:\program files\iPod\bin\iPodService.exe
c:\windows\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2009-11-25 22:46 - machine was rebooted
ComboFix-quarantined-files.txt 2009-11-26 04:46
ComboFix2.txt 2009-11-20 04:10

Pre-Run: 70,290,571,264 bytes free
Post-Run: 70,561,730,560 bytes free

- - End Of File - - 07159377C53AEBE6BAAC353E71BEA777

3dsoundz
Intermediate
Intermediate

Posts Posts : 127
Joined Joined : 2009-10-26
OS OS : win xp sp3
Points Points : 27698
# Likes # Likes : 0

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by Dr Jay on 28th November 2009, 7:14 am

Please re-open Malwarebytes, click the Update tab, and click Check for Updates. Then, click the Scanner tab, select Perform Quick Scan, and press Scan. Remove selected, and post the log in your next reply.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by 3dsoundz on 3rd December 2009, 2:14 am

Malwarebytes' Anti-Malware 1.41
Database version: 3283
Windows 5.1.2600 Service Pack 3

12/2/2009 8:10:54 PM
mbam-log-2009-12-02 (20-10-54).txt

Scan type: Quick Scan
Objects scanned: 128507
Time elapsed: 34 minute(s), 25 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Ext\Settings\{b7d3e479-cc68-42b5-a338-938ece35f419} (Adware.Softomate) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)

3dsoundz
Intermediate
Intermediate

Posts Posts : 127
Joined Joined : 2009-10-26
OS OS : win xp sp3
Points Points : 27698
# Likes # Likes : 0

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by Dr Jay on 3rd December 2009, 2:34 am

Download Security Check by screen317 from [You must be registered and logged in to see this link.] or [You must be registered and logged in to see this link.].
  • Save it to your Desktop.
  • Double click SecurityCheck.exe and follow the onscreen instructions inside of the black box.
  • A Notepad document should open automatically called checkup.txt; please post the contents of that document.


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by 3dsoundz on 4th December 2009, 2:33 am

This r again too many scans isnt there any shortcut ?

3dsoundz
Intermediate
Intermediate

Posts Posts : 127
Joined Joined : 2009-10-26
OS OS : win xp sp3
Points Points : 27698
# Likes # Likes : 0

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by 3dsoundz on 4th December 2009, 2:44 am

Results of screen317's Security Check version 0.99.1
Windows XP Service Pack 3
``````````````````````````````
Antivirus/Firewall Check:

Windows Firewall Enabled!
Norton Internet Security
``````````````````````````````
Anti-malware/Other Utilities Check:

Spyware Doctor 7.0
TuneUp Companion 1.5.11
Java(TM) 6 Update 15
Out of date Java installed!
Adobe Flash Player 10
``````````````````````````````
Process Check:
objlist.exe by Laurent

Norton ccSvcHst.exe
``````````````````````````````
DNS Vulnerability Check:

GREAT! (Not vulnerable to DNS cache poisoning)

`````````End of Log```````````

3dsoundz
Intermediate
Intermediate

Posts Posts : 127
Joined Joined : 2009-10-26
OS OS : win xp sp3
Points Points : 27698
# Likes # Likes : 0

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by 3dsoundz on 4th December 2009, 2:46 am

If we r done with my computer than i got my friends laptop with i m guessing very big problem i even dont know where to start from so if u say yes we r done with mine than i can tell u friend's story

3dsoundz
Intermediate
Intermediate

Posts Posts : 127
Joined Joined : 2009-10-26
OS OS : win xp sp3
Points Points : 27698
# Likes # Likes : 0

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by 3dsoundz on 4th December 2009, 3:03 am

Hello again I did some reading here n found out things about my friend's laptop n it seems like he got infected by security tools malware n also by personal security malware so please help me as i have his laptop his wife was browsing thru facebook n it came in thru msg from known friends name in which she had a link n without reading it properly she cliked on it n got infected n either she ended up sending that link to others or it just picked up contacts n sent it itself so help more detail next time as u need it

3dsoundz
Intermediate
Intermediate

Posts Posts : 127
Joined Joined : 2009-10-26
OS OS : win xp sp3
Points Points : 27698
# Likes # Likes : 0

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by Dr Jay on 4th December 2009, 10:59 am

Please start a new topic for that, and explain the issue.

Please download the newest version of Java from [You must be registered and logged in to see this link.].

Before installing: it is important to remove older versions of Java since it does not do so automatically and old versions still leave you vulnerable.
Go to the Control Panel and enter Add or Remove Programs.
Search in the list for all previous installed versions of Java. (J2SE Runtime Environment). Please uninstall/remove each of them.

Once old versions are gone, please install the newest version.

==

Please read the following information that I have provided, which will help you prevent malicious software in the future. Please keep in mind, malware is a continuous danger on the Internet. It is highly important to stay safe while browsing, to prevent re-infection.

Software recommendations

AntiSpyware

  • [You must be registered and logged in to see this link.]
    SpywareBlaster is a program that prevents spyware from installing on your computer. A tutorial on using SpywareBlaster may be found [You must be registered and logged in to see this link.].
  • [You must be registered and logged in to see this link.].
    Spybot - Search & Destroy is a spyware and adware removal program. It also has realtime protection, TeaTimer to help safeguard your computer against spyware. (The link for Spybot - Search & Destroy contains a tutorial that will help you download, install, and begin using Spybot).


NOTE: Please keep ALL of these programs up-to-date and run them whenever you suspect a problem to prevent malware problems.

Resident Protection help
A number of programs have resident protection and it is a good idea to run the resident protection of one of each type of program to maintain protection. However, it is important to run only one resident program of each type since they can conflict and become less effective. That means only one antivirus, firewall, and scanning anti-spyware program at a time. Passive protectors such as SpywareBlaster can be run with any of them.

Rogue programs help
There are a lot of rogue programs out there that want to scare you into giving them your money and some malware actually claims to be security programs. If you get a popup for a security program that you did not install yourself, do NOT click on it and ask for help immediately. It is very important to run an antivirus and firewall, but you can't always rely on reviews and ads for information. Ask in a security forum that you trust if you are not sure. If you are unsure and looking for anti-spyware programs, you can find out if it is a rogue here:
[You must be registered and logged in to see this link.]

Securing your computer

  • [You must be registered and logged in to see this link.] - It is very important to make sure that both Internet Explorer and Windows are kept current with the latest critical security patches from Microsoft. To do this just start Internet Explorer and select Tools > Windows Update, and follow the online instructions from there.
  • [You must be registered and logged in to see this link.] replaces your current HOSTS file with one containing well known ad sites and other bad sites. This prevents your computer from connecting to those sites by redirecting them to 127.0.0.1, which is your local computer's loopback address, meaning it will be difficult to infect your computer in the future.


Please consider using an alternate browser
Mozilla's Firefox browser is a very good alternative. In addition to being generally more secure than Internet Explorer, it has a very good built-in popup blocker and add-ons, like NoScript, can make it even more secure. Opera is another good option.

If you are interested:


Thank you for choosing GeekPolice. Please see [You must be registered and logged in to see this link.] if you would like to leave feedback or contribute to our site. Do you have any more questions?


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by 3dsoundz on 4th December 2009, 2:36 pm

So does this mean my computer is officially free of bad stuff n no more scanning is needed.......i mean it seems like that from your msg but i m making sure n is it ok if i remove malwarebytes spiderkill combofix n them from my system

3dsoundz
Intermediate
Intermediate

Posts Posts : 127
Joined Joined : 2009-10-26
OS OS : win xp sp3
Points Points : 27698
# Likes # Likes : 0

View user profile

Back to top Go down

Re: stuck with annoying problem

Post by Dr Jay on 5th December 2009, 12:19 am

You may remove SpiderKill and ComboFix. Malwarebytes can normally be kept as a scanner only, but you can Uninstall it if you like. Smile


Dr. Jay (DJ)


[You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.] ~ [You must be registered and logged in to see this link.]

Dr Jay
Head Administrator
Head Administrator

Posts Posts : 13810
Joined Joined : 2009-09-06
Gender Gender : Male
OS OS : Windows 10 Home & Pro
Arch. Arch. : x64 (64-bit)
Protection Protection : Bitdefender Total Security
Points Points : 302437
# Likes # Likes : 10

View user profile

Back to top Go down

View previous topic View next topic Back to top

- Similar topics

 
Permissions in this forum:
You cannot reply to topics in this forum