Search:  

 
theme to black backgroundlet page decide theme
HomeFind ServiceReviewsISP NewsFAQsForumsToolsDatabaseAbout 
 
   All ForumsHot TopicsGallery






how-to block ads


 
Forums » Up and Running » Security » Security Cleanup » Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES, etc.
Search Topic:
 Share Topic:
RSS topic:
toggle:
flat / full
normal / watch
Posting:
Links: ·SCU FAQ ·Pre-Clean Rules ·Site IMs ·VundoFix ·Zlob/Smitfraud ·MonaRonaDona
[Spyware] ntdll64 »
« [ZLOB] I think I have all of it but I want to make sure...  
AuthorAll Replies

Syco C

join:2009-05-19
Nicholasville, KY

reply to Syco C
Re: Cant run SYSTEM RESTORE, NO SOUND, no ADMIN PRIVILEGES, etc.

LOL my bad.. here it is

Start Time= Fri 05/22/2009 0:24:59.35

QuickScan did not find any signs of infected files

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))

2009-05-22 00:20:06 389120 ( A.... ) "C:\WINDOWS\system32\cmd.execf"
2009-05-22 00:06:36 64512 ( A..H. ) "C:\Documents and Settings\Owner\Application Data\dach100.dll"
2009-05-21 21:37:00 2969300 ( A...R ) "C:\ComboFix.exe"
2009-05-21 21:26:42 ( .D... ) "C:\Documents and Settings\Owner\Application Data\Malwarebytes"
2009-05-21 21:25:22 ( .D... ) "C:\Program Files\Malwarebytes' Anti-Malware"
2009-05-21 21:18:20 ( .D... ) "C:\Program Files\SUPERAntiSpyware"
2009-05-21 21:18:20 ( .D... ) "C:\Documents and Settings\Owner\Application Data\SUPERAntiSpyware.com"
2009-05-20 20:37:04 130048 ( A.... ) "C:\WINDOWS\PEV.exe"
2009-05-05 18:57:52 148888 ( A.... ) "C:\WINDOWS\system32\javaws.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\javaw.exe"
2009-05-05 18:57:52 144792 ( A.... ) "C:\WINDOWS\system32\java.exe"
2009-05-05 18:57:50 410984 ( A.... ) "C:\WINDOWS\system32\deploytk.dll"
2009-04-20 12:56:28 31232 ( A.... ) "C:\WINDOWS\NIRCMD.exe"
2009-04-17 18:15:12 156672 ( A.... ) "C:\WINDOWS\system32\rmc_fixasf.exe"
2009-04-17 18:15:10 237568 ( A.... ) "C:\WINDOWS\system32\rmc_rtspdl.dll"
2009-04-17 18:14:06 323584 ( A.... ) "C:\WINDOWS\system32\AUDIOGENIE2.DLL"
2009-04-15 11:34:56 ( .D... ) "C:\Program Files\AskBarDis"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\DVDVideoSoft"
2009-04-15 11:34:10 ( .D... ) "C:\Program Files\Common Files\DVDVideoSoft"
2009-04-07 14:47:54 ( .D... ) "C:\Program Files\Common Files\Adobe Systems Shared"
2009-04-06 10:57:24 24921544 ( A.... ) "C:\WINDOWS\system32\MRT.exe"
2009-03-21 10:06:58 989696 ( A.... ) "C:\WINDOWS\system32\kernel32.dll"
2009-03-16 15:38:20 2528 ( A.... ) "C:\Documents and Settings\Owner\Application Data\$_hpcst$.hpc"
2009-03-06 10:22:18 284160 ( A.... ) "C:\WINDOWS\system32\pdh.dll"
2009-03-02 20:18:26 826368 ( A.... ) "C:\WINDOWS\system32\wininet.dll"

((((((((((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"SunJavaUpdateSched"="\"C:\\Program Files\\Java\\jre6\\bin\\jusched.exe\""
"hpsysdrv"="c:\\windows\\system\\hpsysdrv.exe"
"HotKeysCmds"="C:\\WINDOWS\\System32\\hkcmd.exe"
"KBD"="C:\\HP\\KBD\\KBD.EXE"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"Recguard"="C:\\WINDOWS\\SMINST\\RECGUARD.EXE"
"LTMSG"="LTMSG.exe 7"
"PS2"="C:\\WINDOWS\\system32\\ps2.exe"
"AlcxMonitor"="ALCXMNTR.EXE"
"IgfxTray"="C:\\WINDOWS\\System32\\igfxtray.exe"
"VolPanel"="\"C:\\Program Files\\Creative\\Sound Blaster X-Fi\\Volume Panel\\VolPanlu.exe\" /r"
"AudioDrvEmulator"="\"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\DLLML.exe\" -1 AudioDrvEmulator \"C:\\Program Files\\Creative\\Shared Files\\Module Loader\\Audio Emulator\\AudDrvEm.dll\""
"CTHelper"="CTHELPER.EXE"
"CTxfiHlp"="CTXFIHLP.EXE"
"UpdReg"="C:\\WINDOWS\\UpdReg.EXE"
"LifeCam"="\"C:\\Program Files\\Microsoft LifeCam\\LifeExp.exe\""
"COMODO Firewall Pro"="\"C:\\Program Files\\COMODO\\Firewall\\cfp.exe\" -s"
"NeroFilterCheck"="C:\\Program Files\\Common Files\\Ahead\\Lib\\NeroCheck.exe"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"egui"="\"C:\\Program Files\\ESET\\ESET NOD32 Antivirus\\egui.exe\" /hide /waitservice"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"Installed"="1"
"NoChange"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"HonorAutoRunSetting"=dword:00000001
"NoDriveAutoRun"=dword:03ffffff
"NoDriveTypeAutoRun"=dword:00000143
"NoDrives"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"AIM"="C:\\Program Files\\AIM\\aim.exe -cnetwait.odl"
"LightScribe Control Panel"="C:\\Program Files\\Common Files\\LightScribe\\LightScribeControlPanel.exe -hidden"
"H/PC Connection Agent"="\"C:\\Program Files\\Microsoft ActiveSync\\wcescomm.exe\""
"SUPERAntiSpyware"="C:\\Program Files\\SUPERAntiSpyware\\SUPERAntiSpyware.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run\AdobeUpdater]
@=""

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"disableregistrytools"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000143
"NoDriveAutoRun"=dword:03ffffff

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^Owner^Start Menu^Programs^Startup^Battery Doubler.lnk]
"path"="C:\\Documents and Settings\\Owner\\Start Menu\\Programs\\Startup\\Battery Doubler.lnk"
"backup"="C:\\WINDOWS\\pss\\Battery Doubler.lnkStartup"
"location"="Startup"
"command"="C:\\PROGRA~1\\DACHSH~1\\BATTER~1\\BATTER~1.EXE "
"item"="Battery Doubler"

Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\Check Updates for Windows Live Toolbar.job

Completion time: Fri 05/22/2009 0:29:03.25
ComboFix ver 06.06.17 - This logfile is located at C:\ComboFix.txt
to forum · permalink · · 2009-05-22 00:51:11 · (locked)
Thread is
-
Forums » Up and Running » Security » Security Cleanup[Spyware] ntdll64 »
« [ZLOB] I think I have all of it but I want to make sure...  

Monday, 14-Dec 16:02:49 Terms of Use | Privacy Policy | Hosting by www.nac.net - DSL,Hosting & Co-lo | feedback | contact
over 10 years online! © 1999-2009 dslreports.com.
page compression OFF
Most commented news this week
· [93] Google To Sell Phone Directly To Consumers
· [60] TiVO Tries To Figure Out Where It Fits
· [45] Faster Verizon DSL Service Will Burn Your House Down
· [39] NY Times: AT&T 3G Network Is Secretly Awesome
· [15] Rural Broadband User? You're Screwed
· [13] Sweden First To Get LTE Service
· [1] Monday Morning Links
Most people now reading
· Official Mediacom Email Discussion Thread [Mediacom]
· Ashen Verdict Rep farming guide (ICC 10) [World of Warcraft]
· personal check etiquette [General Questions]
· IMG 1.7 (IMG Updates and Discussion) [Verizon FIOS TV]
· Wind to get Cabinet intervention possibly today [TekSavvy]
· [Rant] BUG in MY FOOD, After i ate 90% of it.. [Rants, Raves, and Praise]
· Windows 7 boot manager editing questions [Microsoft Help]
· DKs and their obsession with Agility [World of Warcraft]
· 3.x Feral Druid - Bear Tanking Guide [World of Warcraft]
· What does it cost to use licensed frequencies? [Wireless Service Providers]