Surprise! Zlob.g...please help!


Solved Surprise! Zlob.g...please help!

Post by liljanjann on Sun Dec 07, 2008 10:18 am

About two hours ago, I tried to enter a site to download a file, and soon after I started receiving popups from Windows Firewall about Trojan.Zlob.G. Firefox has been constantly crashing since then, and IE isn't working either. I'm not great with computers... plus, it's final exams week, so I already have enough to worry about. Please help! Here's my HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 4:02:30 AM, on 12/7/2008
Platform: Windows Vista (WinNT 6.00.1904)
MSIE: Internet Explorer v7.00 (7.00.6000.16757)
Boot mode: Normal

Running processes:
C:\Windows\system32\Dwm.exe
C:\Program Files\DellTPad\Apoint.exe
C:\Windows\OEM02Mon.exe
C:\Program Files\Sigmatel\C-Major Audio\WDM\sttray.exe
C:\Windows\System32\rundll32.exe
C:\Windows\WindowsMobile\wmdc.exe
C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\Program Files\Dell\MediaDirect\PCMService.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe
C:\Program Files\Dell Photo AIO Printer 926\memcard.exe
C:\Program Files\GridService\peer.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Windows\ehome\ehtray.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Dell\QuickSet\quickset.exe
C:\PROGRA~1\TRENDM~1\INTERN~1\PccGuide.exe
C:\Windows\ehome\ehmsas.exe
C:\Windows\system32\taskeng.exe
C:\Program Files\Windows Media Player\wmpnscfg.exe
C:\Windows\System32\rundll32.exe
C:\Program Files\DellTPad\ApMsgFwd.exe
C:\Program Files\DellTPad\HidFind.exe
c:\Program Files\WIDCOMM\Bluetooth Software\BtStackServer.exe
C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
C:\Program Files\DellTPad\Apntex.exe
C:\Windows\system32\conime.exe
C:\Windows\system32\wuauclt.exe
C:\Program Files\Java\jre1.6.0_07\bin\jucheck.exe
C:\Windows\explorer.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Windows Media Player\wmplayer.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
C:\Program Files\Perfect Defender 2009\pdmonitor.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Users\Janet\Downloads\Hijack(GP)This.exe

O1 - Hosts: ::1 localhost
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: BitComet ClickCapture - {39F7E362-828A-4B5A-BCAF-5B79BFDFEA60} - C:\Program Files\BitComet\tools\BitCometBHO_1.2.1.2.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\Dell\BAE\BAE.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [ECenter] C:\Dell\E-Center\EULALauncher.exe
O4 - HKLM\..\Run: [Apoint] C:\Program Files\DellTPad\Apoint.exe
O4 - HKLM\..\Run: [OEM02Mon.exe] C:\Windows\OEM02Mon.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\sttray.exe
O4 - HKLM\..\Run: [NvSvc] RUNDLL32.EXE C:\Windows\system32\nvsvc.dll,nvsvcStart
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\Windows\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\Windows\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [NVHotkey] rundll32.exe C:\Windows\system32\nvHotkey.dll,Start
O4 - HKLM\..\Run: [Windows Mobile Device Center] %windir%\WindowsMobile\wmdc.exe
O4 - HKLM\..\Run: [DELL Webcam Manager] "C:\Program Files\Dell\Dell Webcam Manager\DellWMgr.exe" /s
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [PCMService] "C:\Program Files\Dell\MediaDirect\PCMService.exe"
O4 - HKLM\..\Run: [Google Desktop Search] "C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe" /startup
O4 - HKLM\..\Run: [dscactivate] C:\Program Files\Dell Support Center\gs_agent\custom\dsca.exe
O4 - HKLM\..\Run: [pccguide.exe] "C:\Program Files\Trend Micro\Internet Security 14\pccguide.exe"
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [FaxCenterServer] "C:\Program Files\Dell PC Fax\fm3032.exe" /s
O4 - HKLM\..\Run: [dlcxmon.exe] "C:\Program Files\Dell Photo AIO Printer 926\dlcxmon.exe"
O4 - HKLM\..\Run: [MemoryCardManager] "C:\Program Files\Dell Photo AIO Printer 926\memcard.exe"
O4 - HKLM\..\Run: [DLCXCATS] rundll32 C:\Windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16
O4 - HKLM\..\Run: [Grid Service] "C:\Program Files\GridService\peer.exe" -n Grid
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKCU\..\Run: [FreeNote] C:\Program Files\FreeNote\FreeNote.exe
O4 - HKCU\..\Run: [MsnMsgr] "C:\Program Files\Windows Live\Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [ehTray.exe] C:\Windows\ehome\ehTray.exe
O4 - HKCU\..\Run: [foxy] "C:\Program Files\Foxy\Foxy.exe" -tray
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O4 - HKCU\..\Run: [AdobeUpdater] C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKUS\S-1-5-19\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [WindowsWelcomeCenter] rundll32.exe oobefldr.dll,ShowWelcomeCenter (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [Sidebar] %ProgramFiles%\Windows Sidebar\Sidebar.exe /detectMem (User 'NETWORK SERVICE')
O4 - Startup: Yahoo! Widgets.lnk = C:\Program Files\Yahoo!\Widgets\YahooWidgets.exe
O4 - Global Startup: Adobe Gamma Loader.lnk = C:\Program Files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = C:\Program Files\Digital Line Detect\DLG.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office\OSA9.EXE
O4 - Global Startup: QuickSet.lnk = C:\Program Files\Dell\QuickSet\quickset.exe
O8 - Extra context menu item: &D&ownload &with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddLink.htm
O8 - Extra context menu item: &D&ownload all video with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddVideo.htm
O8 - Extra context menu item: &D&ownload all with BitComet - [You must be registered and logged in to see this link.] Files\BitComet\BitComet.exe/AddAllLink.htm
O8 - Extra context menu item: Foxy ?? - [You must be registered and logged in to see this link.] Files\Foxy\Foxy.exe/download.htm
O8 - Extra context menu item: Send image to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
O8 - Extra context menu item: Send page to &Bluetooth Device... - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\PROGRA~1\Java\JRE16~1.0_0\bin\ssv.dll
O9 - Extra button: @C:\Windows\WindowsMobile\INetRepl.dll,-222 - {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: (no name) - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra 'Tools' menuitem: @C:\Windows\WindowsMobile\INetRepl.dll,-223 - {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - C:\Windows\WindowsMobile\INetRepl.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - c:\Program Files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: BitComet - {D18A0B52-D63C-4ed0-AFC6-C1E3DC1AF43A} - [You must be registered and logged in to see this link.] Files\BitComet\tools\BitCometBHO_1.2.1.2.dll/206 (file missing)
O13 - Gopher Prefix:
O15 - ESC Trusted Zone: [You must be registered and logged in to see this link.]
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {406B5949-7190-4245-91A9-30A17DE16AD0} (Snapfish Activia) - [You must be registered and logged in to see this link.]
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - [You must be registered and logged in to see this link.]
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - [You must be registered and logged in to see this link.]
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - [You must be registered and logged in to see this link.]
O20 - AppInit_DLLs: C:\PROGRA~1\Google\GOOGLE~2\GOEC62~1.DLL
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Andrea ST Filters Service (AESTFilters) - Andrea Electronics Corporation - C:\Windows\system32\aestsrv.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Canon Camera Access Library 8 (CCALib8) - Canon Inc. - C:\Program Files\Canon\CAL\CALMAIN.exe
O23 - Service: dlcx_device - - C:\Windows\system32\dlcxcoms.exe
O23 - Service: Intel(R) PROSet/Wireless Event Log (EvtEng) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
O23 - Service: Google Desktop Manager 5.7.806.10245 (GoogleDesktopManager-061008-081103) - Google - C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Trend Micro Central Control Component (PcCtlCom) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\PcCtlCom.exe
O23 - Service: Intel(R) PROSet/Wireless Registry Service (RegSrvc) - Intel Corporation - C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: Roxio Hard Drive Watcher 9 (RoxWatch9) - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxWatch9.exe
O23 - Service: SigmaTel Audio Service (STacSV) - IDT, Inc. - C:\Windows\system32\STacSV.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Trend Micro Real-time Service (Tmntsrv) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\Tmntsrv.exe
O23 - Service: Trend Micro Personal Firewall (TmPfw) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\TmPfw.exe
O23 - Service: Trend Micro Proxy Service (tmproxy) - Trend Micro Inc. - C:\PROGRA~1\TRENDM~1\INTERN~1\tmproxy.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 12466 bytes

liljanjann
Novice
Posts: 32
Joined: 2008-12-07
OS: Windows Vista
Points: 29523
Likes: 0

Solved Re: Surprise! Zlob.g...please help!

Post by Belahzur on Sun Dec 07, 2008 2:15 pm

Hello.

1. Download this file - [You must be registered and logged in to see this link.]
2. Double-click combofix.exe & follow the prompts, but select NO when asked to install the recovery console.
3. When finished, it shall produce a log for you. Post that log in your next reply.

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Posts: 34916
Joined: 2008-08-03
Gender: Male
OS: XP SP3 Media Centre
Points: 245059
Likes: 1

Solved Re: Surprise! Zlob.g...please help!

Post by liljanjann on Sun Dec 07, 2008 11:24 pm

ComboFix 08-12-06.06 - Janet 2008-12-07 12:31:53.3 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.299 [GMT -6:00]
Running from: c:\users\Janet\Downloads\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\users\Janet\AppData\Roaming\Malwarebytes
2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\users\All Users\Malwarebytes
2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\programdata\Malwarebytes
2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 04:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-07 04:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-12-07 03:23 . 2008-12-07 03:55 d-------- c:\program files\Perfect Defender 2009
2008-11-26 06:00 . 2008-10-20 23:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 06:00 . 2008-08-27 21:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 06:00 . 2008-08-27 21:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 06:00 . 2008-08-27 21:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 06:00 . 2008-10-21 21:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 06:00 . 2008-10-21 21:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 06:00 . 2008-10-21 21:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-23 14:22 . 2008-10-16 15:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 14:22 . 2008-10-16 14:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 14:22 . 2008-10-16 15:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 14:22 . 2008-10-16 15:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 14:21 . 2008-10-16 15:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 14:21 . 2008-10-16 14:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 14:21 . 2008-10-16 15:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 14:20 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 14:20 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-23 05:03 . 2008-11-23 05:03 268 --ah----- C:\sqmdata19.sqm
2008-11-23 05:03 . 2008-11-23 05:03 244 --ah----- C:\sqmnoopt19.sqm
2008-11-19 05:34 . 2008-11-19 05:34 268 --ah----- C:\sqmdata18.sqm
2008-11-19 05:34 . 2008-11-19 05:34 244 --ah----- C:\sqmnoopt18.sqm
2008-11-15 22:21 . 2008-11-15 22:21 268 --ah----- C:\sqmdata17.sqm
2008-11-15 22:21 . 2008-11-15 22:21 244 --ah----- C:\sqmnoopt17.sqm
2008-11-13 03:11 . 2008-11-13 03:11 268 --ah----- C:\sqmdata16.sqm
2008-11-13 03:11 . 2008-11-13 03:11 244 --ah----- C:\sqmnoopt16.sqm
2008-11-12 17:45 . 2008-09-09 21:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 17:45 . 2008-09-04 22:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 17:45 . 2008-08-25 19:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 17:45 . 2008-09-09 21:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 17:45 . 2008-09-04 22:45 2,048 --a------ c:\windows\System32\msxml3r.dll
2008-11-10 08:51 . 2008-11-10 08:51 268 --ah----- C:\sqmdata15.sqm
2008-11-10 08:51 . 2008-11-10 08:51 244 --ah----- C:\sqmnoopt15.sqm

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 18:07 --------- d-----w c:\program files\Dl_cats
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\DellFaxCtr
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\CyberLink
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\Creative
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\Apple Computer
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\acccore
2008-12-05 00:33 --------- d-----w c:\users\Janet\AppData\Roaming\LimeWire
2008-12-01 20:43 215,011 ----a-w c:\users\Janet\AppData\Roaming\nvModes.dat
2008-11-19 06:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-16 08:14 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 08:11 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 22:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-09 08:16 174 --sha-w c:\program files\desktop.ini
2008-01-05 05:30 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 10:30:12 1,660 ----a-w c:\windows\bthservsdp.dat
+ 2008-12-07 18:03:42 1,660 ----a-w c:\windows\bthservsdp.dat
- 2008-12-07 16:48:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 18:05:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 16:48:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-07 18:05:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 17:27:07 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-07 18:07:55 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-07 17:27:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 18:07:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-07 02:40:54 331,848 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-07 18:05:27 332,096 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2008-11-07 02:43:42 88,136 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
+ 2008-12-07 18:09:03 88,136 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
- 2008-12-07 16:51:06 8,418 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3241033208-3944792556-2946622021-1000_UserData.bin
+ 2008-12-07 18:08:51 8,426 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3241033208-3944792556-2946622021-1000_UserData.bin
- 2008-12-07 16:51:06 62,432 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 18:08:51 62,640 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 16:51:02 44,944 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 18:08:23 44,960 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin


Solved Re: Surprise! Zlob.g...please help!

Post by liljanjann on Sun Dec 07, 2008 11:25 pm

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeNote"="c:\program files\FreeNote\FreeNote.exe" [2006-10-17 970752]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]
"Smax4v"="c:\users\Janet\AppData\Roaming\Google\windep.exe" [2008-12-07 128000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-09 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 185896]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"Grid Service"="c:\program files\GridService\peer.exe" [2007-12-14 840192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-12 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-04 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B105F348-06C0-43D3-8712-0B0651064B85}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{82445D22-FA72-4B33-9479-C36999F1AB73}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{006A5DD0-492E-4779-A5B3-30C2BCB2CC04}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{70B0C549-5729-4FA5-BDBC-1196A92520E2}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{C23371C8-265C-42C9-A536-A51AF63DB867}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A5D93B9F-949B-45D1-831F-D3FF3B6D0FF0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4B17E826-B3CA-4859-9237-ED16C225C266}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B03C6A6F-382D-4245-8DB7-0A078DDFC155}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{916737EC-BEBD-43A1-AC1C-8F1550AE46E3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B4A288A1-BF80-459E-BC51-3E2453C29DCB}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{478BAE58-471A-4D52-8BB6-0AED1C8D5FE3}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{3919917C-B59F-408D-995B-5AFF46F46E74}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{793F8EAA-334F-4DF7-9FB0-C6997914C6C0}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{2B1D0F20-925E-43F0-9038-94807DFC98C7}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{237AF2F9-EC7C-42FB-BE3B-A4151ACD17FD}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{7A6E05BC-ED65-4A93-B661-FC6EDD09724A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CE721D30-6D2B-4840-BFE3-4EB9EBE84BEC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{55472D24-FAE1-4EDD-B438-B770901BB566}"= UDP:11114:BitComet 11114 TCP
"{D3D35632-D399-4401-B336-961818405B72}"= TCP:11114:BitComet 11114 UDP
"{BB268F50-F18A-4F36-8751-DDE4A70D763E}"= UDP:11114:BitComet 11114 TCP
"{7D1344F6-4E16-493C-942C-0855A2F2BFD9}"= TCP:11114:BitComet 11114 UDP
"{D7EAB8B2-C65A-4108-B9A0-9F06E447F7AB}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C88284C1-6E7E-4777-894C-490D8A557ADE}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-04 73728]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-01-04 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-11 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-05 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-01-05 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-01-05 7424]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2008-01-04 280392]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-04 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{905a898b-53b6-11dd-bbe3-001dd9eb76d6}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FireFox -: Profile - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\ypoht65n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\ypoht65n.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-07 12:37:12
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'Explorer.exe'(2552)
c:\users\Janet\AppData\Roaming\Google\dplsmjk.dll
.
Completion time: 2008-12-07 12:40:26
ComboFix-quarantined-files.txt 2008-12-07 18:40:22
ComboFix2.txt 2008-12-07 17:30:08

Pre-Run: 103,391,698,944 bytes free
Post-Run: 103,360,286,720 bytes free

243 --- E O F --- 2008-12-04 17:31:26

liljanjann
Novice
Novice

Posts Posts : 32
Joined Joined : 2008-12-07
OS OS : Windows Vista
Points Points : 29523
# Likes # Likes : 0

View user profile

Back to top Go down

Solved Re: Surprise! Zlob.g...please help!

Post by Belahzur on Sun Dec 07, 2008 11:27 pm

Now open a new notepad file.
Input this into the notepad file:

File::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
C:\sqmdata18.sqm
C:\sqmnoopt18.sqm
C:\sqmdata17.sqm
C:\sqmnoopt17.sqm
C:\sqmdata16.sqm
C:\sqmnoopt16.sqm
C:\sqmdata15.sqm
C:\sqmnoopt15.sqm
c:\users\Janet\AppData\Roaming\Google\windep.exe

Folder::
c:\program files\Perfect Defender 2009

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smax4v"=-

Save this as CFScript.txt, save it to your desktop also.
Then drag and drop CFScript.txt into combofix as seen below:


This will open combofix.exe again; agree to its terms and allow it to run. It may want to reboot after it's done. Post the resulting log back here.


[You must be registered and logged in to see this link.] - [You must be registered and logged in to see this link.] - Please PM me if I fail to respond within 24hrs.


Belahzur
Administrator
Administrator

Posts Posts : 34916
Joined Joined : 2008-08-03
Gender Gender : Male
OS OS : XP SP3 Media Centre
Points Points : 245059
# Likes # Likes : 1

View user profile

Back to top Go down
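A small checker for the CFScript format used in the post above and for the log ComboFix returns for it; this is an added example, not ComboFix's or the forum's own code. It assumes only the syntax visible in the thread (File::, Folder:: and Registry:: headers, and a `"name"=-` line meaning delete that value) plus the log's `Other Deletions` banner; it parses the script, then reports any requested path the log never lists as deleted, so a helper can confirm the cleanup actually happened. The sample script and log are abridged copies from the thread; the "missing" log variant is constructed.

```python
import re
from dataclasses import dataclass, field

SECTION_RE = re.compile(r"^(File|Folder|Registry)::$", re.IGNORECASE)
KEY_RE = re.compile(r"^\[(.+)\]$")
DELETE_VALUE_RE = re.compile(r'^"([^"]+)"=-$')  # "name"=- deletes that value


@dataclass
class CFScript:
    files: list = field(default_factory=list)
    folders: list = field(default_factory=list)
    registry: dict = field(default_factory=dict)  # key path -> value names to delete


def parse_cfscript(text):
    """Parse the File::, Folder:: and Registry:: sections; reject anything else."""
    script, section, key = CFScript(), None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        header = SECTION_RE.match(line)
        if header:
            section, key = header.group(1).lower(), None
        elif section == "file":
            script.files.append(line)
        elif section == "folder":
            script.folders.append(line)
        elif section == "registry" and KEY_RE.match(line):
            key = KEY_RE.match(line).group(1)
            script.registry.setdefault(key, [])
        elif section == "registry" and key and DELETE_VALUE_RE.match(line):
            script.registry[key].append(DELETE_VALUE_RE.match(line).group(1))
        else:
            raise ValueError(f"unsupported or misplaced line: {line}")
    return script


def deleted_paths_from_log(log_text):
    """Paths listed under the ComboFix log's 'Other Deletions' banner, lower-cased."""
    deleted, inside = set(), False
    for raw in log_text.splitlines():
        line = raw.strip()
        if "Other Deletions" in line:
            inside = True
        elif inside and line.startswith("((("):  # the next banner ends the section
            break
        elif inside and line and line != ".":
            deleted.add(line.lower())
    return deleted


def unconfirmed_deletions(script, log_text):
    """Requested files and folders that the log does not list as deleted."""
    deleted = deleted_paths_from_log(log_text)
    return [p for p in script.files + script.folders if p.lower() not in deleted]


# Sample input: an abridged copy of the CFScript and of the log's "Other
# Deletions" section from the thread, plus a constructed log missing one line.
SAMPLE_CFSCRIPT = r"""
File::
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
c:\users\Janet\AppData\Roaming\Google\windep.exe

Folder::
c:\program files\Perfect Defender 2009

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Smax4v"=-
"""
SAMPLE_LOG = r"""
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
c:\program files\Perfect Defender 2009
c:\program files\Perfect Defender 2009\pd.dll
C:\sqmdata19.sqm
C:\sqmnoopt19.sqm
c:\users\Janet\AppData\Roaming\Google\windep.exe
.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
"""
# Constructed variant: the same log with windep.exe never reported as deleted.
SAMPLE_LOG_MISSING = SAMPLE_LOG.replace(r"c:\users\Janet\AppData\Roaming\Google\windep.exe", "")
```

Run `unconfirmed_deletions(parse_cfscript(SAMPLE_CFSCRIPT), SAMPLE_LOG)`; an empty list means every requested path appears in the log, and any path returned is one to look at again.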

Solved Re: Surprise! Zlob.g...please help!

Post by liljanjann on Sun Dec 07, 2008 11:57 pm

Here's the resulting log:

ComboFix 08-12-06.06 - Janet 2008-12-07 17:44:50.4 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6000.0.1252.1.1033.18.119 [GMT -6:00]
Running from: c:\users\Janet\Downloads\ComboFix.exe
Command switches used :: c:\users\Janet\Desktop\CFscript.txt

FILE ::
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\users\Janet\AppData\Roaming\Google\windep.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\program files\Perfect Defender 2009
c:\program files\Perfect Defender 2009\pd.dll
c:\program files\Perfect Defender 2009\pdmonitor.exe
C:\sqmdata15.sqm
C:\sqmdata16.sqm
C:\sqmdata17.sqm
C:\sqmdata18.sqm
C:\sqmdata19.sqm
C:\sqmnoopt15.sqm
C:\sqmnoopt16.sqm
C:\sqmnoopt17.sqm
C:\sqmnoopt18.sqm
C:\sqmnoopt19.sqm
c:\users\Janet\AppData\Roaming\Google\windep.exe

.
((((((((((((((((((((((((( Files Created from 2008-11-07 to 2008-12-07 )))))))))))))))))))))))))))))))
.

2008-12-07 17:41 . 2008-12-07 17:42 d-------- C:\32788R22FWJFW
2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\users\Janet\AppData\Roaming\Malwarebytes
2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\users\All Users\Malwarebytes
2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\programdata\Malwarebytes
2008-12-07 04:24 . 2008-12-07 04:24 d-------- c:\program files\Malwarebytes' Anti-Malware
2008-12-07 04:24 . 2008-12-03 19:52 38,496 --a------ c:\windows\System32\drivers\mbamswissarmy.sys
2008-12-07 04:24 . 2008-12-03 19:52 15,504 --a------ c:\windows\System32\drivers\mbam.sys
2008-11-26 06:00 . 2008-10-20 23:16 1,645,568 --a------ c:\windows\System32\connect.dll
2008-11-26 06:00 . 2008-08-27 21:24 712,192 --a------ c:\windows\System32\WindowsCodecs.dll
2008-11-26 06:00 . 2008-08-27 21:24 425,472 --a------ c:\windows\System32\PhotoMetadataHandler.dll
2008-11-26 06:00 . 2008-08-27 21:24 347,136 --a------ c:\windows\System32\WindowsCodecsExt.dll
2008-11-26 06:00 . 2008-10-21 21:43 241,152 --a------ c:\windows\System32\PortableDeviceApi.dll
2008-11-26 06:00 . 2008-10-21 21:43 160,768 --a------ c:\windows\System32\PortableDeviceTypes.dll
2008-11-26 06:00 . 2008-10-21 21:43 95,232 --a------ c:\windows\System32\PortableDeviceClassExtension.dll
2008-11-23 14:22 . 2008-10-16 15:13 1,809,944 --a------ c:\windows\System32\wuaueng.dll
2008-11-23 14:22 . 2008-10-16 14:56 1,524,736 --a------ c:\windows\System32\wucltux.dll
2008-11-23 14:22 . 2008-10-16 15:09 51,224 --a------ c:\windows\System32\wuauclt.exe
2008-11-23 14:22 . 2008-10-16 15:09 43,544 --a------ c:\windows\System32\wups2.dll
2008-11-23 14:21 . 2008-10-16 15:12 561,688 --a------ c:\windows\System32\wuapi.dll
2008-11-23 14:21 . 2008-10-16 14:55 83,456 --a------ c:\windows\System32\wudriver.dll
2008-11-23 14:21 . 2008-10-16 15:08 34,328 --a------ c:\windows\System32\wups.dll
2008-11-23 14:20 . 2008-10-16 14:08 162,064 --a------ c:\windows\System32\wuwebv.dll
2008-11-23 14:20 . 2008-10-16 13:56 31,232 --a------ c:\windows\System32\wuapp.exe
2008-11-12 17:45 . 2008-09-09 21:25 1,341,440 --a------ c:\windows\System32\msxml6.dll
2008-11-12 17:45 . 2008-09-04 22:48 1,194,496 --a------ c:\windows\System32\msxml3.dll
2008-11-12 17:45 . 2008-08-25 19:11 211,456 --a------ c:\windows\System32\drivers\mrxsmb10.sys
2008-11-12 17:45 . 2008-09-09 21:21 2,048 --a------ c:\windows\System32\msxml6r.dll
2008-11-12 17:45 . 2008-09-04 22:45 2,048 --a------ c:\windows\System32\msxml3r.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-07 23:15 214,955 ----a-w c:\users\Janet\AppData\Roaming\nvModes.dat
2008-12-07 18:07 --------- d-----w c:\program files\Dl_cats
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\DellFaxCtr
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\CyberLink
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\Creative
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\Apple Computer
2008-12-07 08:20 --------- d-----w c:\users\Janet\AppData\Roaming\acccore
2008-12-05 00:33 --------- d-----w c:\users\Janet\AppData\Roaming\LimeWire
2008-11-19 06:28 --------- d--h--w c:\program files\InstallShield Installation Information
2008-10-16 08:14 --------- d-----w c:\program files\Microsoft Silverlight
2008-10-16 08:11 --------- d-----w c:\program files\Windows Mail
2008-10-02 03:49 826,368 ----a-w c:\windows\System32\wininet.dll
2008-10-02 03:49 56,320 ----a-w c:\windows\System32\iesetup.dll
2008-10-02 03:49 52,736 ----a-w c:\windows\AppPatch\iebrshim.dll
2008-10-02 03:48 26,624 ----a-w c:\windows\System32\ieUnatt.exe
2008-09-30 22:43 1,286,152 ----a-w c:\windows\System32\msxml4.dll
2008-09-18 04:35 3,505,208 ----a-w c:\windows\System32\ntkrnlpa.exe
2008-09-18 04:35 3,470,904 ----a-w c:\windows\System32\ntoskrnl.exe
2008-09-18 02:03 2,027,520 ----a-w c:\windows\System32\win32k.sys
2008-07-09 08:16 174 --sha-w c:\program files\desktop.ini
2008-01-05 05:30 76 --sh--r c:\windows\CT4CET.bin
.

((((((((((((((((((((((((((((( [You must be registered and logged in to see this link.] )))))))))))))))))))))))))))))))))))))))))
.
- 2008-12-07 10:30:12 1,660 ----a-w c:\windows\bthservsdp.dat
+ 2008-12-07 18:03:42 1,660 ----a-w c:\windows\bthservsdp.dat
- 2008-12-07 16:48:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
+ 2008-12-07 18:05:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive0.dat
- 2008-12-07 16:48:24 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
+ 2008-12-07 18:05:07 2,048 --sha-w c:\windows\ServiceProfiles\LocalService\AppData\Local\lastalive1.dat
- 2008-12-07 17:27:07 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
+ 2008-12-07 18:07:55 262,144 --sha-w c:\windows\ServiceProfiles\LocalService\NTUSER.DAT
- 2008-12-07 17:27:27 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
+ 2008-12-07 18:07:50 262,144 --sha-w c:\windows\ServiceProfiles\NetworkService\NTUSER.DAT
- 2008-11-07 02:40:54 331,848 ----a-w c:\windows\System32\FNTCACHE.DAT
+ 2008-12-07 18:05:27 332,096 ----a-w c:\windows\System32\FNTCACHE.DAT
- 2008-11-07 02:43:42 88,136 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
+ 2008-12-07 18:09:03 88,136 ----a-w c:\windows\System32\GDIPFONTCACHEV1.DAT
- 2008-12-07 16:51:06 8,418 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3241033208-3944792556-2946622021-1000_UserData.bin
+ 2008-12-07 18:08:51 8,426 ----a-w c:\windows\System32\WDI\{86432a0b-3c7d-4ddf-a89c-172faa90485d}\S-1-5-21-3241033208-3944792556-2946622021-1000_UserData.bin
- 2008-12-07 16:51:06 62,432 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 18:08:51 62,640 ----a-w c:\windows\System32\WDI\BootPerformanceDiagnostics_SystemData.bin
- 2008-12-07 16:51:02 44,944 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin
+ 2008-12-07 18:08:23 44,960 ----a-w c:\windows\System32\WDI\ShutdownPerformanceDiagnostics_SystemData.bin


Solved Re: Surprise! Zlob.g...please help!

Post by liljanjann on Sun Dec 07, 2008 11:58 pm

.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"FreeNote"="c:\program files\FreeNote\FreeNote.exe" [2006-10-17 970752]
"MsnMsgr"="c:\program files\Windows Live\Messenger\MsnMsgr.Exe" [2007-10-18 5724184]
"ehTray.exe"="c:\windows\ehome\ehTray.exe" [2006-11-02 125440]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2008-01-04 68856]
"AdobeUpdater"="c:\program files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 2321600]
"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-11-02 201728]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ECenter"="c:\dell\E-Center\EULALauncher.exe" [2007-05-25 17920]
"Apoint"="c:\program files\DellTPad\Apoint.exe" [2007-09-24 159744]
"OEM02Mon.exe"="c:\windows\OEM02Mon.exe" [2007-08-28 36864]
"SigmatelSysTrayApp"="c:\program files\SigmaTel\C-Major Audio\WDM\sttray.exe" [2007-09-07 405504]
"NvSvc"="c:\windows\system32\nvsvc.dll" [2007-09-25 86016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2007-09-25 8478720]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2007-09-25 81920]
"NVHotkey"="c:\windows\system32\nvHotkey.dll" [2007-09-25 81920]
"Windows Mobile Device Center"="c:\windows\WindowsMobile\wmdc.exe" [2007-05-31 648072]
"DELL Webcam Manager"="c:\program files\Dell\Dell Webcam Manager\DellWMgr.exe" [2007-07-27 118784]
"ISUSScheduler"="c:\program files\Common Files\InstallShield\UpdateService\issch.exe" [2006-10-03 81920]
"PCMService"="c:\program files\Dell\MediaDirect\PCMService.exe" [2007-04-16 184320]
"Google Desktop Search"="c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-08-09 29744]
"dscactivate"="c:\program files\Dell Support Center\gs_agent\custom\dsca.exe" [2007-10-09 16384]
"pccguide.exe"="c:\program files\Trend Micro\Internet Security 14\pccguide.exe" [2007-08-27 1807696]
"ISUSPM Startup"="c:\progra~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2006-10-03 221184]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-12-11 286720]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2007-12-11 267048]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-01-13 185896]
"FaxCenterServer"="c:\program files\Dell PC Fax\fm3032.exe" [2006-11-03 312200]
"dlcxmon.exe"="c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe" [2007-01-12 292336]
"MemoryCardManager"="c:\program files\Dell Photo AIO Printer 926\memcard.exe" [2006-11-03 304008]
"DLCXCATS"="c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll" [2006-10-15 106496]
"Grid Service"="c:\program files\GridService\peer.exe" [2007-12-14 840192]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 39792]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

c:\users\Janet\AppData\Roaming\Microsoft\Windows\Start Menu\Programs\Startup\
Yahoo! Widgets.lnk - c:\program files\Yahoo!\Widgets\YahooWidgets.exe [2007-12-11 3746856]

c:\programdata\Microsoft\Windows\Start Menu\Programs\Startup\
Adobe Gamma Loader.lnk - c:\program files\Common Files\Adobe\Calibration\Adobe Gamma Loader.exe [2008-01-12 110592]
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-11-03 703280]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2008-01-04 50688]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]
QuickSet.lnk - c:\program files\Dell\QuickSet\quickset.exe [2007-07-20 1180952]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\progra~1\Google\GOOGLE~2\GOEC62~1.DLL

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Wdf01000.sys]
@="Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\TrendFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{B105F348-06C0-43D3-8712-0B0651064B85}"= c:\program files\Dell\MediaDirect\PowerCinema.exe:CyberLink PowerCinema
"{82445D22-FA72-4B33-9479-C36999F1AB73}"= c:\program files\Dell\MediaDirect\PCMService.exe:CyberLink PowerCinema Resident Program
"{006A5DD0-492E-4779-A5B3-30C2BCB2CC04}"= c:\program files\Dell\MediaDirect\Kernel\DMP\CLBrowserEngine.exe:Cyberlink Media Server Browser Engine
"{70B0C549-5729-4FA5-BDBC-1196A92520E2}"= c:\program files\Dell\MediaDirect\Kernel\DMS\CLMSService.exe:CyberLink Media Server
"{C23371C8-265C-42C9-A536-A51AF63DB867}"= UDP:c:\program files\iTunes\iTunes.exe:iTunes
"{A5D93B9F-949B-45D1-831F-D3FF3B6D0FF0}"= TCP:c:\program files\iTunes\iTunes.exe:iTunes
"{4B17E826-B3CA-4859-9237-ED16C225C266}"= UDP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{B03C6A6F-382D-4245-8DB7-0A078DDFC155}"= TCP:c:\program files\Common Files\AOL\Loader\aolload.exe:AOL Loader
"{916737EC-BEBD-43A1-AC1C-8F1550AE46E3}"= c:\program files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{B4A288A1-BF80-459E-BC51-3E2453C29DCB}"= UDP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{478BAE58-471A-4D52-8BB6-0AED1C8D5FE3}"= TCP:c:\windows\System32\dlcxcoms.exe:Lexmark Communications System
"{3919917C-B59F-408D-995B-5AFF46F46E74}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{793F8EAA-334F-4DF7-9FB0-C6997914C6C0}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxmon.exe:Device Monitor
"{2B1D0F20-925E-43F0-9038-94807DFC98C7}"= UDP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{237AF2F9-EC7C-42FB-BE3B-A4151ACD17FD}"= TCP:c:\program files\Dell Photo AIO Printer 926\dlcxaiox.exe:All In One Center
"{7A6E05BC-ED65-4A93-B661-FC6EDD09724A}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{CE721D30-6D2B-4840-BFE3-4EB9EBE84BEC}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{55472D24-FAE1-4EDD-B438-B770901BB566}"= UDP:11114:BitComet 11114 TCP
"{D3D35632-D399-4401-B336-961818405B72}"= TCP:11114:BitComet 11114 UDP
"{BB268F50-F18A-4F36-8751-DDE4A70D763E}"= UDP:11114:BitComet 11114 TCP
"{7D1344F6-4E16-493C-942C-0855A2F2BFD9}"= TCP:11114:BitComet 11114 UDP
"{D7EAB8B2-C65A-4108-B9A0-9F06E447F7AB}"= UDP:c:\program files\LimeWire\LimeWire.exe:LimeWire
"{C88284C1-6E7E-4777-894C-490D8A557ADE}"= TCP:c:\program files\LimeWire\LimeWire.exe:LimeWire

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\RestrictedServices\Static\System]
"DFSR-1"= RPort=5722|UDP:%SystemRoot%\system32\svchost.exe|Svc=DFSR:Allow inbound TCP traffic|

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

R2 AESTFilters;Andrea ST Filters Service;c:\windows\system32\aestsrv.exe [2008-01-04 73728]
R2 dlcx_device;dlcx_device;c:\windows\system32\dlcxcoms.exe -service []
R2 Tmntsrv;Trend Micro Real-time Service;c:\progra~1\TRENDM~1\INTERN~1\Tmntsrv.exe [2007-08-27 345432]
R2 TmPfw;Trend Micro Personal Firewall;c:\progra~1\TRENDM~1\INTERN~1\TmPfw.exe [2007-08-27 923216]
R2 tmpreflt;tmpreflt;c:\windows\system32\DRIVERS\tmpreflt.sys [2008-01-04 36368]
R2 tmproxy;Trend Micro Proxy Service;c:\progra~1\TRENDM~1\INTERN~1\tmproxy.exe [2007-08-27 566872]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2008-01-11 24652]
R3 b57nd60x;Broadcom NetXtreme Gigabit Ethernet - NDIS 6.0;c:\windows\system32\DRIVERS\b57nd60x.sys [2008-01-05 179712]
R3 OEM02Dev;Creative Camera OEM002 Driver;c:\windows\system32\DRIVERS\OEM02Dev.sys [2008-01-05 235520]
R3 OEM02Vfx;Creative Camera OEM002 Video VFX Driver;c:\windows\system32\DRIVERS\OEM02Vfx.sys [2008-01-05 7424]
R3 tmcfw;Trend Micro Common Firewall Service;c:\windows\system32\DRIVERS\TM_CFW.sys [2008-01-04 280392]
S3 GoogleDesktopManager-061008-081103;Google Desktop Manager 5.7.806.10245;"c:\program files\Google\Google Desktop Search\GoogleDesktop.exe" [2008-01-04 29744]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ
WindowsMobile REG_MULTI_SZ wcescomm rapimgr
LocalServiceRestricted REG_MULTI_SZ WcesComm RapiMgr

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{905a898b-53b6-11dd-bbe3-001dd9eb76d6}]
\shell\AutoRun\command - G:\LaunchU3.exe -a
.
.
------- Supplementary Scan -------
.
uStart Page = [You must be registered and logged in to see this link.]
IE: &D&ownload &with BitComet - c:\program files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - c:\program files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - c:\program files\BitComet\BitComet.exe/AddAllLink.htm
IE: Foxy ?? - c:\program files\Foxy\Foxy.exe/download.htm
IE: Send image to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
IE: Send page to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie.htm
FireFox -: Profile - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\ypoht65n.default\
FireFox -: prefs.js - SEARCH.DEFAULTURL - [You must be registered and logged in to see this link.]
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - c:\program files\Microsoft Silverlight\2.0.31005.0\npctrl.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npsnapfish.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npViewpoint.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npyaxmpb.dll
FF -: plugin - c:\program files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\users\Janet\AppData\Roaming\Mozilla\Firefox\Profiles\ypoht65n.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp071101000055.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, [You must be registered and logged in to see this link.]
Rootkit scan 2008-12-07 17:50:07
Windows 6.0.6000 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
DLCXCATS = rundll32 c:\windows\system32\spool\DRIVERS\W32X86\3\DLCXtime.dll,_RunDLLEntry@16

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-12-07 17:52:15
ComboFix-quarantined-files.txt 2008-12-07 23:52:13
ComboFix2.txt 2008-12-07 18:40:28
ComboFix3.txt 2008-12-07 17:30:08

Pre-Run: 103,034,531,840 bytes free
Post-Run: 102,999,019,520 bytes free

259 --- E O F --- 2008-12-04 17:31:26


Solved Re: Surprise! Zlob.g...please help!

Post by Belahzur on Sun Dec 07, 2008 11:59 pm

Looks good now, what problems remain?



Solved Re: Surprise! Zlob.g...please help!

Post by liljanjann on Mon Dec 08, 2008 6:09 am

Everything seems to be good so far. Firefox and IE are running again, and the Windows Firewall popups have stopped. I'll post if any more problems come up. You're amazing, Belahzur! Thank you so much!!


Solved Re: Surprise! Zlob.g...please help!

Post by Belahzur on Mon Dec 08, 2008 1:48 pm

Your version of Java is outdated and needs to be updated to take advantage of fixes that have eliminated security vulnerabilities.
Updating Java:

  • Download the latest version of [You must be registered and logged in to see this link.].
  • Select the first option where it says "Java SE Runtime Environment (JRE) 6 Update 11".
  • Click the "Download" button to the right.
  • In the window that opens, select your platform and language, check the "agree" box, and click Continue.
  • Click on the link to download Windows Offline Installation and save to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Go to Start > Control Panel, double-click on Add or Remove Programs, and remove all older versions of Java.
  • Check any item with Java Runtime Environment (JRE or J2SE) in the name.
    - Examples of older versions in Add or Remove Programs:
    - Java 2 Runtime Environment, SE v1.4.2
    - J2SE Runtime Environment 5.0
    - J2SE Runtime Environment 5.0 Update 2
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u11-windows-i586-p.exe that you downloaded to install the newest version.
Please make sure the new version of Java is installed before you run JavaRa.

Please download JavaRa from [You must be registered and logged in to see this link.]

  • First, unzip it.
  • Then run JavaRa.
  • Select English from the drop down menu and press Select.
  • This will open JavaRa.
  • Press Remove older versions
  • Press yes to the prompt.
  • It will make a log file of what it's removed.
  • Copy and paste the log back here.



Solved Re: Surprise! Zlob.g...please help!

Post by Doctor Inferno on Sat Jan 03, 2009 3:43 am

Since this issue is resolved, this topic is closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter.

Everyone else, please open a new topic for your questions.


Please be a GeekPolice fan on [You must be registered and logged in to see this link.]



Have we helped you? [You must be registered and logged in to see this link.] | Doctor by day, ninja by night.

Doctor Inferno
Administrator
Administrator

Posts Posts : 12017
Joined Joined : 2007-12-26
Gender Gender : Male
OS OS : Windows 7 Home Premium and Ultimate X64
Protection Protection : Kaspersky PURE and Malwarebytes' Anti-Malware
Points Points : 104594
# Likes # Likes : 0

View user profile

Back to top Go down
