Help removing Antivirus 2008-pro pop ups

danny-boy New Member | Date Joined Aug 2007 Total Posts : 37 | Posted 7-12-2008 1:14 (GMT +2)

Hello (again) all
I clicked an innocent-looking link the other day and I am now being plagued by a program popping up every 2 minutes telling me to scan with their anti spyware program, Antivirus 2008-pro.
I remember seeing a few posts some months back for similar probs and I have tried to find how they were resolved but to no avail.
Please can one of you guys have a look at these logs and suggest a solution.
ComboFix 07-08-04.3 - "Shoot and Surf" 2008-07-12 11:49:39.16 [GMT 1:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
2008-07-11 22:50 245,760 --a------ C:\WINDOWS\fsrpknov.dll
2008-07-11 22:50 163,840 --a------ C:\WINDOWS\enfp.exe
2008-07-11 22:50 159,744 --a------ C:\WINDOWS\sqvgnrpx.dll
2008-07-11 22:50 102,400 --a------ C:\WINDOWS\gpefaowr.exe
2008-07-11 22:50 <DIR> d-------- C:\Program Files\Antivirus 2008 PRO
2008-07-01 16:50 <DIR> d-------- C:\DOCUME~1\SHOOTA~1\APPLIC~1\Ulead Systems
2008-07-01 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2008-07-01 16:48 <DIR> d-------- C:\WINDOWS\Noslip
2008-06-20 18:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 11:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 19:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-19 19:33 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-19 19:33 <DIR> d-------- C:\Program Files\Xvid
2008-06-19 19:26 <DIR> d-------- C:\Program Files\AVIcodec
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-07-12 11:51 28678176 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-11 23:05 338804 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-09 19:38 --------- d-------- C:\Program Files\SpywareGuard 2008-07-07 16:04 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-07-07 16:04 --------- d-------- C:\Program Files\Common Files\InstallShield 2008-07-06 20:54 --------- d-------- C:\DOCUME~1\SHOOTA~1\APPLIC~1\uTorrent 2008-07-01 19:43 --------- d-------- C:\Program Files\YouTube Video Converter 2008-06-20 18:41 245248 --a------ C:\WINDOWS\system32\mswsock.dll 2008-06-20 18:41 148992 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:45 360320 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:45 360320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:44 138368 --a------ C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:52 225920 --a--c--- C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-20 10:52 225920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-17 14:20 --------- d-------- C:\Program Files\SpywareBlaster 2008-06-13 14:10 272128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-13 14:10 272128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-05-26 16:47 --------- d-------- C:\Program Files\Xilisoft 2008-05-26 16:47 --------- d-------- C:\Program Files\CyberLink 2008-05-26 16:46 --------- d-------- C:\Program Files\AoA DVD Ripper 2008-05-16 00:24 1152888 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-05-16 00:20 78416 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-05-16 00:18 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-05-16 00:16 20560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-05-16 00:15 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-05-16 00:14 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-05-16 00:13 26944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-05-16 00:12 95608 --a------ 
C:\WINDOWS\system32\AvastSS.scr 2008-05-08 13:28 202752 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 06:18 1287680 --a------ C:\WINDOWS\system32\quartz.dll 2008-05-07 06:18 1287680 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 22:16 3591680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-23 05:16 826368 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll 2008-04-23 05:16 671232 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll 2008-04-23 05:16 63488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-04-23 05:16 6066176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-04-23 05:16 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-04-23 05:16 478208 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll 2008-04-23 05:16 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-04-23 05:16 44544 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-04-23 05:16 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll 2008-04-23 05:16 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2008-04-23 05:16 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-04-23 05:16 347136 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll 2008-04-23 05:16 27648 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll 2008-04-23 05:16 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-04-23 05:16 233472 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll 2008-04-23 05:16 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll 2008-04-23 05:16 214528 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll 2008-04-23 05:16 193024 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll 2008-04-23 05:16 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll 2008-04-23 05:16 133120 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll 2008-04-23 05:16 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll 2008-04-23 05:16 1159680 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll 2008-04-23 05:16 105984 
-----c--- C:\WINDOWS\system32\dllcache\url.dll 2008-04-23 05:16 102912 -----c--- C:\WINDOWS\system32\dllcache\occache.dll 2008-04-22 10:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-04-22 08:40 625664 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 08:39 70656 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 08:39 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 06:07 161792 -----c--- C:\WINDOWS\system32\dllcache\ieakui.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-22 10:19 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-22 10:19 262144]

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe" [2007-06-11 10:25]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-08-15 04:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 18:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 10:48]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [2008-07-11 22:50]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Shoot and Surf\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {9306B8FD-3AB3-404B-A2E0-F9EEF5523A9F} - C:\WINDOWS\fsrpknov.dll [2008-07-11 16:48 245760]
"fdxbameg"= {BA10377E-EE41-45D3-8E8D-AD402A8D816E} - C:\WINDOWS\fdxbameg.dll [ ]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##B2P1#CD]
AutoRun\command- Z:\setup.exe

Contents of the 'Scheduled Tasks' folder
2008-07-10 19:45:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 11:51:35
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2008-07-12 11:55:07
C:\ComboFix2.txt ... 2008-07-09 17:50
C:\ComboFix3.txt ... 2008-06-26 12:16
--- E O F ---
Logfile of HijackThis v1.99.1
Scan saved at 11:48, on 2008-07-12
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Shoot and Surf\Desktop\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169548038590
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185915687807
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: fsrpknov - {9306B8FD-3AB3-404B-A2E0-F9EEF5523A9F} - C:\WINDOWS\fsrpknov.dll
O21 - SSODL: fdxbameg - {BA10377E-EE41-45D3-8E8D-AD402A8D816E} - C:\WINDOWS\fdxbameg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
Much appreciated

Touch Forum Moderator | Date Joined Jun 2004 Total Posts : 12823 | Posted 7-12-2008 1:21 (GMT +2)

Hello
If the tool fails to launch from the Desktop, please move SmitfraudFix.exe directly to the root of the system drive (normally C:), and launch from there.
Please print out or copy this page to Notepad as you will be in Safe Mode and unable to refer to this page.
Reboot your computer in Safe Mode (before the Windows icon appears, tap the F8 key continually).
Double-click on SmitfraudFix.exe.
Select option #2 - Clean by typing 2 and press "Enter" to delete infected files.
You will be prompted : "Registry cleaning - Do you want to clean the registry ?"; answer "Yes" by typing Y and press "Enter" in order to remove the Desktop background and clean registry keys associated with the infection.
The tool will now check if wininet.dll is infected. You may be prompted to replace the infected file (if found); answer "Yes" by typing Y and press "Enter".
The tool may need to restart your computer to finish the cleaning process; if it doesn't, please restart it into Normal Windows. A text file will appear onscreen, with results from the cleaning process; please copy/paste the content of that report into your next reply. The report can also be found at the root of the system drive, normally C:\rapport.txt
Post a fresh ComboFix log with rapport.txt.
Do NOT post your problem in someone else's thread.

danny-boy New Member | Date Joined Aug 2007 Total Posts : 37 | Posted 7-12-2008 7:20 (GMT +2)

Superfast response!! 7 mins?!!!
Here are the logs, not sure how well it worked as I tried a few times but pop ups kept happening during scans, also 'Disk cleanup' kept opening during Smitfraud.
Also had to delete about 30 pages of Smitfraud (only loads of the 127.0.0.1 part) to get the log uploaded.
ComboFix 07-08-04.3 - "Shoot and Surf" 2008-07-12 13:34:39.18 [GMT 1:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.True
((((((((((((((((((((((((( Files Created from 2008-06-12 to 2008-07-12 )))))))))))))))))))))))))))))))
2008-07-12 12:35 2,820 --a------ C:\WINDOWS\system32\tmp.reg
2008-07-12 12:31 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-12 12:31 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-12 12:31 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-12 12:31 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-12 12:31 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-12 12:31 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-12 12:31 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-12 12:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-12 12:31 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-07-11 22:50 163,840 --a------ C:\WINDOWS\enfp.exe
2008-07-11 22:50 102,400 --a------ C:\WINDOWS\gpefaowr.exe
2008-07-11 22:50 <DIR> d-------- C:\Program Files\Antivirus 2008 PRO
2008-07-01 16:50 <DIR> d-------- C:\DOCUME~1\SHOOTA~1\APPLIC~1\Ulead Systems
2008-07-01 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems
2008-07-01 16:48 <DIR> d-------- C:\WINDOWS\Noslip
2008-06-20 18:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 11:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys
2008-06-19 19:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll
2008-06-19 19:33 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll
2008-06-19 19:33 <DIR> d-------- C:\Program Files\Xvid
2008-06-19 19:26 <DIR> d-------- C:\Program Files\AVIcodec
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-07-12 12:36 28735520 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-12 11:59 339284 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-09 19:38 --------- d-------- C:\Program Files\SpywareGuard 2008-07-07 16:04 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-07-07 16:04 --------- d-------- C:\Program Files\Common Files\InstallShield 2008-07-06 20:54 --------- d-------- C:\DOCUME~1\SHOOTA~1\APPLIC~1\uTorrent 2008-07-01 19:43 --------- d-------- C:\Program Files\YouTube Video Converter 2008-06-20 18:41 245248 --a------ C:\WINDOWS\system32\mswsock.dll 2008-06-20 18:41 148992 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:45 360320 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:45 360320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:44 138368 --a------ C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:52 225920 --a--c--- C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-20 10:52 225920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-17 14:20 --------- d-------- C:\Program Files\SpywareBlaster 2008-06-13 14:10 272128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-13 14:10 272128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-05-26 16:47 --------- d-------- C:\Program Files\Xilisoft 2008-05-26 16:47 --------- d-------- C:\Program Files\CyberLink 2008-05-26 16:46 --------- d-------- C:\Program Files\AoA DVD Ripper 2008-05-16 00:24 1152888 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-05-16 00:20 78416 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-05-16 00:18 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-05-16 00:16 20560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-05-16 00:15 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-05-16 00:14 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-05-16 00:13 26944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-05-16 00:12 95608 --a------ 
C:\WINDOWS\system32\AvastSS.scr 2008-05-08 13:28 202752 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 06:18 1287680 --a------ C:\WINDOWS\system32\quartz.dll 2008-05-07 06:18 1287680 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 22:16 3591680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-23 05:16 826368 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll 2008-04-23 05:16 671232 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll 2008-04-23 05:16 63488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-04-23 05:16 6066176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-04-23 05:16 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-04-23 05:16 478208 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll 2008-04-23 05:16 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-04-23 05:16 44544 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-04-23 05:16 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll 2008-04-23 05:16 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2008-04-23 05:16 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-04-23 05:16 347136 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll 2008-04-23 05:16 27648 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll 2008-04-23 05:16 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-04-23 05:16 233472 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll 2008-04-23 05:16 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll 2008-04-23 05:16 214528 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll 2008-04-23 05:16 193024 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll 2008-04-23 05:16 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll 2008-04-23 05:16 133120 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll 2008-04-23 05:16 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll 2008-04-23 05:16 1159680 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll 2008-04-23 05:16 105984 
-----c--- C:\WINDOWS\system32\dllcache\url.dll 2008-04-23 05:16 102912 -----c--- C:\WINDOWS\system32\dllcache\occache.dll 2008-04-22 10:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-04-22 08:40 625664 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 08:39 70656 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 08:39 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 06:07 161792 -----c--- C:\WINDOWS\system32\dllcache\ieakui.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}]
2008-04-22 10:19 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-22 10:19 262144]

[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Cmaudio"="cmicnfg.cpl" []
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16]
"PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe" [2007-06-11 10:25]
"LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-08-15 04:56]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 18:36]
"ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56]
"ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 10:48]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24]
"antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" [2008-07-11 22:50]

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog

C:\Documents and Settings\Shoot and Surf\Start Menu\Programs\Startup\
SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoClose"=0 (0x0)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad]
"fsrpknov"= {9306B8FD-3AB3-404B-A2E0-F9EEF5523A9F} - C:\WINDOWS\fsrpknov.dll [ ]
"fdxbameg"= {BA10377E-EE41-45D3-8E8D-AD402A8D816E} - C:\WINDOWS\fdxbameg.dll [ ]

R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys
R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys
R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys
R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys
R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys
S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys
S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys
S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys
S3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys
S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##B2P1#CD]
AutoRun\command- Z:\setup.exe

Contents of the 'Scheduled Tasks' folder
2008-07-10 19:45:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-12 13:38:31
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
Completion time: 2008-07-12 13:42:47
--- E O F ---
SmitFraudFix v2.329
Scan done at 13:24:13.89, 12/07/2008
Run from C:\Documents and Settings\Shoot and Surf\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
HKLM\SYSTEM\CCS\Services\Tcpip\..\{75B221E3-550D-428C-B701-61DA2AB8F8C7}: DhcpNameServer=194.168.4.100 194.168.8.100
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=194.168.4.100 194.168.8.100
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
 |  danny-boy New Member
 Date Joined Aug 2007 Total Posts : 37 | Posted 7-13-2008 12:52 (GMT +2) |   | A bit weird, but I turned on the PC today and all icons have vanished and there are no pop ups. However, knowing viruses, I shan't trust this, so here's some new logs:
Logfile of HijackThis v1.99.1
Scan saved at 11:45:23, on 13/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\BroadJump\Client Foundation\CFD.exe
C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe
C:\WINDOWS\system32\LXSUPMON.EXE
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\SpywareGuard\sgmain.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Shoot and Surf\Desktop\alternativ.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - (no file)
O2 - BHO: ZoneAlarm Spy Blocker BHO - {F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: ZoneAlarm Spy Blocker - {F0D4B239-DA4B-4daf-81E4-DFEE4931A4AA} - C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
O3 - Toolbar: sqvgnrpx - {8D52F0EB-21CC-422D-8042-D2F69614D8A6} - C:\WINDOWS\sqvgnrpx.dll (file missing)
O4 - HKLM\..\Run: [Cmaudio] RunDll32 cmicnfg.cpl,CMICtrlWnd
O4 - HKLM\..\Run: [BJCFD] "C:\Program Files\BroadJump\Client Foundation\CFD.exe"
O4 - HKLM\..\Run: [PCSuiteTrayApplication] "C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" -startup
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe" /minimized
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\system32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [ZoneAlarm Client] "C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [ccleaner] "C:\Program Files\CCleaner\ccleaner.exe" /AUTO
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [antivirus-2008pro.exe] C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe
O4 - Startup: SpywareGuard.lnk = C:\Program Files\SpywareGuard\sgmain.exe
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.microsoft.com/windowsupdate/v6/V5Controls/en/x86/client/wuweb_site.cab?1169548038590
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftupdate/v6/V5Controls/en/x86/client/muweb_site.cab?1185915687807
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O21 - SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - C:\WINDOWS\system32\WPDShServiceObj.dll
O21 - SSODL: fsrpknov - {9306B8FD-3AB3-404B-A2E0-F9EEF5523A9F} - C:\WINDOWS\fsrpknov.dll (file missing)
O21 - SSODL: fdxbameg - {BA10377E-EE41-45D3-8E8D-AD402A8D816E} - C:\WINDOWS\fdxbameg.dll (file missing)
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe" /service (file missing)
O23 - Service: avast! Web Scanner - Unknown owner - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe" /service (file missing)
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware\guard.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\PC Connectivity Solution\ServiceLayer.exe
O23 - Service: TrueVector Internet Monitor (vsmon) - Zone Labs, LLC - C:\WINDOWS\system32\ZoneLabs\vsmon.exe
ComboFix 07-08-04.3 - "Shoot and Surf" 2008-07-13 11:35:54.19 [GMT 1:00] - NTFS Microsoft Windows XP Professional 5.1.2600.2.1252.44.1033.18.True
((((((((((((((((((((((((( Files Created from 2008-06-13 to 2008-07-13 )))))))))))))))))))))))))))))))
2008-07-12 12:35 2,820 --a------ C:\WINDOWS\system32\tmp.reg 2008-07-12 12:31 86,528 --a------ C:\WINDOWS\system32\VACFix.exe 2008-07-12 12:31 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe 2008-07-12 12:31 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe 2008-07-12 12:31 81,920 --a------ C:\WINDOWS\system32\404Fix.exe 2008-07-12 12:31 53,248 --a------ C:\WINDOWS\system32\Process.exe 2008-07-12 12:31 51,200 --a------ C:\WINDOWS\system32\dumphive.exe 2008-07-12 12:31 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe 2008-07-12 12:31 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe 2008-07-12 12:31 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe 2008-07-11 22:50 163,840 --a------ C:\WINDOWS\enfp.exe 2008-07-11 22:50 102,400 --a------ C:\WINDOWS\gpefaowr.exe 2008-07-11 22:50 <DIR> d-------- C:\Program Files\Antivirus 2008 PRO 2008-07-01 16:50 <DIR> d-------- C:\DOCUME~1\SHOOTA~1\APPLIC~1\Ulead Systems 2008-07-01 16:49 <DIR> d-------- C:\DOCUME~1\ALLUSE~1\APPLIC~1\Ulead Systems 2008-07-01 16:48 <DIR> d-------- C:\WINDOWS\Noslip 2008-06-20 18:41 245,248 -----c--- C:\WINDOWS\system32\dllcache\mswsock.dll 2008-06-20 11:44 138,368 -----c--- C:\WINDOWS\system32\dllcache\afd.sys 2008-06-19 19:33 765,952 --a------ C:\WINDOWS\system32\xvidcore.dll 2008-06-19 19:33 180,224 --a------ C:\WINDOWS\system32\xvidvfw.dll 2008-06-19 19:33 <DIR> d-------- C:\Program Files\Xvid 2008-06-19 19:26 <DIR> d-------- C:\Program Files\AVIcodec
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
2008-07-13 11:38 29157408 --ahs---- C:\WINDOWS\system32\drivers\fidbox.dat 2008-07-13 11:25 344564 --ahs---- C:\WINDOWS\system32\drivers\fidbox.idx 2008-07-09 19:38 --------- d-------- C:\Program Files\SpywareGuard 2008-07-07 16:04 --------- d--h----- C:\Program Files\InstallShield Installation Information 2008-07-07 16:04 --------- d-------- C:\Program Files\Common Files\InstallShield 2008-07-06 20:54 --------- d-------- C:\DOCUME~1\SHOOTA~1\APPLIC~1\uTorrent 2008-07-01 19:43 --------- d-------- C:\Program Files\YouTube Video Converter 2008-06-20 18:41 245248 --a------ C:\WINDOWS\system32\mswsock.dll 2008-06-20 18:41 148992 --a--c--- C:\WINDOWS\system32\dllcache\dnsapi.dll 2008-06-20 11:45 360320 --a--c--- C:\WINDOWS\system32\dllcache\tcpip.sys 2008-06-20 11:45 360320 --a------ C:\WINDOWS\system32\drivers\tcpip.sys 2008-06-20 11:44 138368 --a------ C:\WINDOWS\system32\drivers\afd.sys 2008-06-20 10:52 225920 --a--c--- C:\WINDOWS\system32\dllcache\tcpip6.sys 2008-06-20 10:52 225920 --a------ C:\WINDOWS\system32\drivers\tcpip6.sys 2008-06-17 14:20 --------- d-------- C:\Program Files\SpywareBlaster 2008-06-13 14:10 272128 --a--c--- C:\WINDOWS\system32\dllcache\bthport.sys 2008-06-13 14:10 272128 --------- C:\WINDOWS\system32\drivers\bthport.sys 2008-05-26 16:47 --------- d-------- C:\Program Files\Xilisoft 2008-05-26 16:47 --------- d-------- C:\Program Files\CyberLink 2008-05-26 16:46 --------- d-------- C:\Program Files\AoA DVD Ripper 2008-05-16 00:24 1152888 --a------ C:\WINDOWS\system32\aswBoot.exe 2008-05-16 00:20 78416 --a------ C:\WINDOWS\system32\drivers\aswSP.sys 2008-05-16 00:18 94416 --a------ C:\WINDOWS\system32\drivers\aswmon2.sys 2008-05-16 00:16 20560 --a------ C:\WINDOWS\system32\drivers\aswFsBlk.sys 2008-05-16 00:15 23152 --a------ C:\WINDOWS\system32\drivers\aswRdr.sys 2008-05-16 00:14 42912 --a------ C:\WINDOWS\system32\drivers\aswTdi.sys 2008-05-16 00:13 26944 --a------ C:\WINDOWS\system32\drivers\aavmker4.sys 2008-05-16 00:12 95608 --a------ 
C:\WINDOWS\system32\AvastSS.scr 2008-05-08 13:28 202752 --a--c--- C:\WINDOWS\system32\dllcache\rmcast.sys 2008-05-07 06:18 1287680 --a------ C:\WINDOWS\system32\quartz.dll 2008-05-07 06:18 1287680 -----c--- C:\WINDOWS\system32\dllcache\quartz.dll 2008-04-23 22:16 3591680 -----c--- C:\WINDOWS\system32\dllcache\mshtml.dll 2008-04-23 05:16 826368 -----c--- C:\WINDOWS\system32\dllcache\wininet.dll 2008-04-23 05:16 671232 -----c--- C:\WINDOWS\system32\dllcache\mstime.dll 2008-04-23 05:16 63488 -----c--- C:\WINDOWS\system32\dllcache\icardie.dll 2008-04-23 05:16 6066176 -----c--- C:\WINDOWS\system32\dllcache\ieframe.dll 2008-04-23 05:16 52224 -----c--- C:\WINDOWS\system32\dllcache\msfeedsbs.dll 2008-04-23 05:16 478208 -----c--- C:\WINDOWS\system32\dllcache\mshtmled.dll 2008-04-23 05:16 459264 -----c--- C:\WINDOWS\system32\dllcache\msfeeds.dll 2008-04-23 05:16 44544 --a--c--- C:\WINDOWS\system32\dllcache\pngfilt.dll 2008-04-23 05:16 44544 -----c--- C:\WINDOWS\system32\dllcache\iernonce.dll 2008-04-23 05:16 384512 -----c--- C:\WINDOWS\system32\dllcache\iedkcs32.dll 2008-04-23 05:16 383488 -----c--- C:\WINDOWS\system32\dllcache\ieapfltr.dll 2008-04-23 05:16 347136 --a--c--- C:\WINDOWS\system32\dllcache\dxtmsft.dll 2008-04-23 05:16 27648 -----c--- C:\WINDOWS\system32\dllcache\jsproxy.dll 2008-04-23 05:16 267776 -----c--- C:\WINDOWS\system32\dllcache\iertutil.dll 2008-04-23 05:16 233472 -----c--- C:\WINDOWS\system32\dllcache\webcheck.dll 2008-04-23 05:16 230400 -----c--- C:\WINDOWS\system32\dllcache\ieaksie.dll 2008-04-23 05:16 214528 -----c--- C:\WINDOWS\system32\dllcache\dxtrans.dll 2008-04-23 05:16 193024 -----c--- C:\WINDOWS\system32\dllcache\msrating.dll 2008-04-23 05:16 153088 -----c--- C:\WINDOWS\system32\dllcache\ieakeng.dll 2008-04-23 05:16 133120 -----c--- C:\WINDOWS\system32\dllcache\extmgr.dll 2008-04-23 05:16 124928 -----c--- C:\WINDOWS\system32\dllcache\advpack.dll 2008-04-23 05:16 1159680 -----c--- C:\WINDOWS\system32\dllcache\urlmon.dll 2008-04-23 05:16 105984 
-----c--- C:\WINDOWS\system32\dllcache\url.dll 2008-04-23 05:16 102912 -----c--- C:\WINDOWS\system32\dllcache\occache.dll 2008-04-22 10:19 4212 ---h----- C:\WINDOWS\system32\zllictbl.dat 2008-04-22 08:40 625664 -----c--- C:\WINDOWS\system32\dllcache\iexplore.exe 2008-04-22 08:39 70656 -----c--- C:\WINDOWS\system32\dllcache\ie4uinit.exe 2008-04-22 08:39 13824 -----c--- C:\WINDOWS\system32\dllcache\ieudinit.exe 2008-04-20 06:07 161792 -----c--- C:\WINDOWS\system32\dllcache\ieakui.dll
((((((((((((((((((((((((((((((((((((( Reg Loading Points )))))))))))))))))))))))))))))))))))))))))))))))))) *Note* empty entries & legit default entries are not shown
[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{F0D4B231-DA4B-4daf-81E4-DFEE4931A4AA}] 2008-04-22 10:19 262144 --a------ C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL
[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser] "{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}"= C:\Program Files\ZoneAlarmSB\bar\1.bin\SPYBLOCK.DLL [2008-04-22 10:19 262144]
[HKEY_CLASSES_ROOT\CLSID\{F0D4B239-DA4B-4DAF-81E4-DFEE4931A4AA}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "Cmaudio"="cmicnfg.cpl" [] "BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2003-01-27 17:16] "PCSuiteTrayApplication"="C:\Program Files\Nokia\Nokia PC Suite 6\LaunchApplication.exe" [2007-06-18 15:10] "avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2008-05-16 00:19] "!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware\avgas.exe" [2007-06-11 10:25] "LXSUPMON"="C:\WINDOWS\system32\LXSUPMON.exe" [2002-08-15 04:56] "Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-10-10 20:51] "QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-02-01 00:13] "iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 14:10] "TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2008-03-15 18:36] "ZoneAlarm Client"="C:\Program Files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-03-13 23:11]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run] "ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 01:56] "ccleaner"="C:\Program Files\CCleaner\ccleaner.exe" [2008-03-25 10:48] "MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24] "antivirus-2008pro.exe"="C:\Program Files\Antivirus 2008 PRO\antivirus-2008pro.exe" []
[HKEY_USERS\.default\software\microsoft\windows\currentversion\run] "Nokia.PCSync"=C:\Program Files\Nokia\Nokia PC Suite 6\PcSync2.exe /NoDialog
C:\Documents and Settings\Shoot and Surf\Start Menu\Programs\Startup\ SpywareGuard.lnk - C:\Program Files\SpywareGuard\sgmain.exe [2003-08-29 19:05:35]
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer] "NoClose"=0 (0x0)
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad] "fsrpknov"= {9306B8FD-3AB3-404B-A2E0-F9EEF5523A9F} - C:\WINDOWS\fsrpknov.dll [ ] "fdxbameg"= {BA10377E-EE41-45D3-8E8D-AD402A8D816E} - C:\WINDOWS\fdxbameg.dll [ ]
R1 aswSP;avast! Self Protection;C:\WINDOWS\system32\drivers\aswSP.sys R2 aswFsBlk;aswFsBlk;C:\WINDOWS\system32\DRIVERS\aswFsBlk.sys R3 cmuda;C-Media WDM Audio Interface;C:\WINDOWS\system32\drivers\cmuda.sys R3 ms_mpu401;Microsoft MPU-401 MIDI UART Driver;C:\WINDOWS\system32\drivers\msmpu401.sys R3 ngrpci;NETGEAR FA310TX Fast Ethernet Adapter Driver;C:\WINDOWS\system32\DRIVERS\ngrpci.sys S3 nmwcd;Nokia USB Phone Parent;C:\WINDOWS\system32\drivers\nmwcd.sys S3 nmwcdc;Nokia USB Generic;C:\WINDOWS\system32\drivers\nmwcdc.sys S3 nmwcdcm;Nokia USB Modem;C:\WINDOWS\system32\drivers\nmwcdcm.sys S3 Pcouffin;Low level access layer for CD devices;C:\WINDOWS\system32\Drivers\Pcouffin.sys S3 StillCam;Still Serial Digital Camera Driver;C:\WINDOWS\system32\DRIVERS\serscan.sys
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##B2P1#CD] AutoRun\command- Z:\setup.exe
Contents of the 'Scheduled Tasks' folder 2008-07-10 19:45:05 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
**************************************************************************
catchme 0.3.1061 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net Rootkit scan 2008-07-13 11:38:44 Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden registry entries ...
scanning hidden files ...
scan completed successfully hidden files: 0
**************************************************************************
Completion time: 2008-07-13 11:42:15 C:\ComboFix2.txt ... 2008-07-12 13:42
--- E O F ---
 |  danny-boy New Member
 Date Joined Aug 2007 Total Posts : 37 | Posted 7-13-2008 1:20 (GMT +2) |   | And another edited Smitfraud:
SmitFraudFix v2.329
Scan done at 11:59:44.85, 13/07/2008
Run from C:\Documents and Settings\Shoot and Surf\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in safe mode
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix !!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» Killing process
»»»»»»»»»»»»»»»»»»»»»»»» hosts
127.0.0.1 localhost
»»»»»»»»»»»»»»»»»»»»»»»» VACFix
VACFix Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix
S!Ri's WS2Fix: LSP not Found.
»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix
GenericRenosFix by S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files
»»»»»»»»»»»»»»»»»»»»»»»» IEDFix
IEDFix Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» 404Fix
404Fix Credits: Malware Analysis & Diagnostic Code: S!Ri
»»»»»»»»»»»»»»»»»»»»»»»» DNS
»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files
»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System !!!Attention, following keys are not inevitably infected!!!
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon] "System"=""
»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning
Registry Cleaning done.
»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!
SrchSTS.exe by S!Ri Search SharedTaskScheduler's .dll
»»»»»»»»»»»»»»»»»»»»»»»» End
 |  Touch Forum Moderator

Date Joined Jun 2004 Total Posts : 12823 | Posted 7-13-2008 1:31 (GMT +2) |   | Please download Malwarebytes' Anti-Malware:
to your desktop.
Double-click mbam-setup.exe and follow the prompts to install the program.
At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
If an update is found, it will download and install the latest version.
Once the program has loaded, select Perform full scan, then click Scan.
When the scan is complete, click OK, then Show Results to view the results.
Be sure that everything is checked, and click Remove Selected.
When completed, a log will open in Notepad. Please save it to a convenient location.
Copy and paste that log into your next reply, along with a new ComboFix log.
Do NOT post your problem in someone else's thread.
 |  danny-boy New Member
 Date Joined Aug 2007 Total Posts : 37 | Posted 7-13-2008 5:04 (GMT +2) |   | Here we are:
Malwarebytes' Anti-Malware 1.20
Database version: 944
Windows 5.1.2600 Service Pack 2
15:46:44 13/07/2008
mbam-log-7-13-2008 (15-46-43).txt
Scan type: Full Scan (A:\|C:\|D:\|E:\|)
Objects scanned: 69912
Time elapsed: 34 minute(s), 54 second(s)
Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 10
Registry Values Infected: 2
Registry Data Items Infected: 0
Folders Infected: 17
Files Infected: 461
Memory Processes Infected: (No malicious items detected)
Memory Modules Infected: (No malicious items detected)
Registry Keys Infected: HKEY_CLASSES_ROOT\Interface\{2e9937fc-cf2f-4f56-af54-5a6a3dd375cc} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\Interface\{741de825-a6f0-4497-9aa6-8023cf9b0fff} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\SearchScopes\{56256a51-b582-467e-b8d4-7786eda79ae0} (Adware.MyWebSearch) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\antivirus 2008 pro (Rogue.Antivirus2008) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\sqvgnrpx.bpdl (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_CURRENT_USER\SOFTWARE\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Multimedia\WMPlayer\Schemes\f3pss (Adware.MyWebSearch) -> Quarantined and deleted successfully.
Registry Values Infected: HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> Quarantined and deleted successfully. HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> Quarantined and deleted successfully.
Registry Data Items Infected: (No malicious items detected)
Folders Infected: C:\Program Files\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\Infected (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\Suspicious (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55 (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\05-08-2007-12-11-17 (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\05-08-2007-18-23-32 (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\05-08-2007-21-47-59 (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\06-08-2007-18-37-54 (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\07-08-2007-16-02-46 (Rogue.SpywareBot) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Registry Backups (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Settings (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Start Menu\Programs\Antivirus 2008 PRO (Rogue.Antivirus2008) -> Quarantined and deleted successfully.
Files Infected: C:\System Volume Information\_restore{39280BAA-0595-4F26-AEAA-F37CB353FFC7}\RP316\A0136397.exe (Rogue.Installer) -> Quarantined and deleted successfully. C:\WINDOWS\enfp.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 04_17_13 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 05_16_40 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 05_30_46 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 08_54_43 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 10_39_09 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 10_51_10 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 11_51_50 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 04 - 12_16_53 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 02_03_18 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 02_59_18 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 03_25_39 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 03_43_43 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 05_18_23 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 06_11_03 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. 
C:\Program Files\SpywareBot\Log\2007 Aug 05 - 06_22_14 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 09_15_30 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 09_47_43 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 11_33_31 AM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 05 - 12_10_46 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 01_30_59 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 02_01_28 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 03_25_17 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 03_44_09 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 05_53_45 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 06_13_54 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 06_37_47 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 06 - 07_49_24 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 07 - 02_00_32 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 07 - 04_02_33 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Program Files\SpywareBot\Log\2007 Aug 07 - 05_10_45 PM.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. 
C:\Program Files\Antivirus 2008 PRO\vscan.tsi (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Program Files\Antivirus 2008 PRO\zlib.dll (Rogue.Antivirus2008) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\DataBaseNew.ref (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Log\2007 Aug 07 - 04_02_28 PM_921.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Log\2007 Aug 07 - 05_10_33 PM_283.log (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\0.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\0.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\1.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\1.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\10.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\10.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\11.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. 
C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\51.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\52.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\52.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\53.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\53.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\54.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\54.qnf (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and Settings\Shoot and Surf\Application Data\SpywareBot\Quarantine\04-08-2007-20-54-55\55.qit (Rogue.SpywareBot) -> Quarantined and deleted successfully. C:\Documents and | |
| |