Spyware problem - Free Antivirus Forum

Spyware problem

BullGuard Antivirus Forum > General Security > Spyware > Spyware problem

Forum Quick Jump

[ << Previous Thread | Next Thread >> ]

Zid
New Member

Date Joined Aug 2008
Total Posts : 3

Posted 8-7-2008 5:38 (GMT +1)

Here is the Combofix log...

ComboFix 08-08-06.02 - Administrator 2008-08-06 23:18:34.5 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.832 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\ebjuvewv.ini
.
---- Previous Run -------
.
C:\Documents and Settings\All Users\Application Data\Rabio
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\S3FFRVA3\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\S3FFRVA3\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\Desktop\Error Cleaner.url
C:\Documents and Settings\Owner\Desktop\Privacy Protector.url
C:\Documents and Settings\Owner\Desktop\Spyware&Malware Protection.url
C:\Documents and Settings\Owner\Favorites\Error Cleaner.url
C:\Documents and Settings\Owner\Favorites\Privacy Protector.url
C:\Documents and Settings\Owner\Favorites\Spyware&Malware Protection.url
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter_verinfo.dat
C:\Documents and Settings\Owner\Local Settings\Temporary Internet Files\ijjistarter2FxB.exe
C:\kmd.exe
C:\WINDOWS\bgrqfetx.dll
C:\WINDOWS\BM3f2cf806.txt
C:\WINDOWS\BM3f2cf806.xml
C:\WINDOWS\exwd.exe
C:\WINDOWS\privacy_danger
C:\WINDOWS\privacy_danger\images\capt.gif
C:\WINDOWS\privacy_danger\images\danger.jpg
C:\WINDOWS\privacy_danger\images\down.gif
C:\WINDOWS\privacy_danger\images\spacer.gif
C:\WINDOWS\privacy_danger\index.htm
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\awtuuVNH.dll
C:\WINDOWS\system32\ebjuvewv.ini
C:\WINDOWS\system32\MSINET.oca
C:\WINDOWS\system32\owcvxu.dll
C:\WINDOWS\system32\RBaHRqru.ini
C:\WINDOWS\system32\RBaHRqru.ini2
C:\WINDOWS\system32\urqRHaBR.dll
C:\WINDOWS\system32\vtUmMebx.dll
C:\WINDOWS\system32\wnbdrdkn.dll
C:\WINDOWS\tfnslopk.dll
C:\WINDOWS\wnlmdakqxmd.dll
C:\WINDOWS\xokvrpwg.dll

.
((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-06 22:06 . 2008-08-06 22:06 99,712 --a------ C:\WINDOWS\system32\vwevujbe.dll
2008-08-06 21:13 . 2008-08-06 21:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-08-06 18:48 . 2008-08-06 16:58 86,016 --a------ C:\WINDOWS\lnvegaow.exe
2008-07-25 21:11 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-07-25 15:40 . 2008-07-25 15:40 <DIR> d-------- C:\Program Files\Sun
2008-07-24 02:11 . 2008-07-24 02:11 <DIR> d-------- C:\Program Files\iTunes
2008-07-24 02:11 . 2008-07-24 02:11 <DIR> d-------- C:\Program Files\iPod
2008-07-24 02:11 . 2008-07-24 02:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-07-24 02:10 . 2008-07-24 02:10 <DIR> d-------- C:\Program Files\Bonjour
2008-07-24 02:09 . 2008-07-24 02:10 <DIR> d-------- C:\Program Files\QuickTime
2008-07-24 02:09 . 2008-07-24 02:09 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-24 02:09 . 2008-07-24 02:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-24 02:08 . 2008-07-24 02:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-24 02:08 . 2008-07-24 02:08 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-24 02:08 . 2008-07-24 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-17 02:50 . 2008-07-17 02:50 <DIR> d-------- C:\CAVEDOG
2008-07-17 02:47 . 2008-07-17 02:47 <DIR> d-------- C:\Program Files\Conduit
2008-07-17 02:47 . 2008-07-17 02:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-17 02:42 . 2008-07-17 02:42 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-17 01:45 . 2008-08-02 17:07 <DIR> d-------- C:\Fontstock
2008-07-16 23:00 . 2008-07-16 23:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Cakewalk
2008-07-16 22:58 . 2008-07-16 22:59 <DIR> d-------- C:\Program Files\Cakewalk
2008-07-16 22:58 . 2008-07-16 22:59 <DIR> d-------- C:\Cakewalk Projects
2008-07-16 22:58 . 2004-03-17 01:00 180,224 --a------ C:\WINDOWS\system32\ReWire.dll
2008-07-16 21:41 . 2008-07-16 22:04 <DIR> d-------- C:\Program Files\Ringz Studio
2008-07-09 20:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-09 20:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-09 20:55 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-09 03:30 . 2008-07-09 03:30 <DIR> d-------- C:\Program Files\Windows Live
2008-07-09 03:30 . 2008-07-09 03:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-09 03:29 . 2008-07-09 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-09 02:37 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-07-09 02:37 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-07-09 02:37 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-07-09 02:37 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-07-09 02:28 . 2008-07-09 02:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-07-09 02:04 . 2008-07-09 02:05 <DIR> d-------- C:\Program Files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 04:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-08-07 02:13 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-06 23:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-08-06 21:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-07-25 20:39 --------- d-----w C:\Program Files\Java
2008-07-18 05:32 --------- d-----w C:\Program Files\Private Server File
2008-07-17 07:12 --------- d-----w C:\Program Files\Google
2008-07-15 19:15 --------- d-----w C:\Program Files\World of Warcraft
2008-07-09 07:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 04:01 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-05-02 18:56 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-01-21 02:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2008-02-17 11:15 135168]
"avtray"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe" [2008-02-17 11:15 144688]
"CSAV_CheckViruses"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe" [2008-02-17 11:15 75056]
"dvprpt"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe" [2008-02-17 11:15 206128]
"untray"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe" [2008-02-17 11:15 140592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 13:30 97357]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-02-10 02:59 47104 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-17 11:16 8720384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\CAVEDOG\\TOTALA\\totala.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-07 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
- - - - ORPHANS REMOVED - - - -

BHO-{D8A084A3-2A5B-4D00-AAA0-1E1F2D098AA7} - (no file)
BHO-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{ecdee021-0d17-467f-a1ff-c7a115230949} - (no file)
Toolbar-{D76144AF-DF87-4614-9630-91BE83E98924} - C:\WINDOWS\bgrqfetx.dll
HKLM-Run-QuickTime Task - C:\Program Files\QuickTime\qttask .exe

.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8o9dn24e.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-06 23:21:35
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-06 23:23:00
ComboFix-quarantined-files.txt 2008-08-07 04:22:37
ComboFix2.txt 2008-02-22 22:39:58
ComboFix3.txt 2008-02-18 19:10:24
ComboFix4.txt 2008-02-17 18:39:27

Pre-Run: 13,294,252,032 bytes free
Post-Run: 13,282,410,496 bytes free

186 --- E O F --- 2008-08-07 00:03:39

Here is the HijackThis log...

Logfile of HijackThis v1.99.1
Scan saved at 23:26, on 2008-08-06
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\notepad.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\HJT\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - (no file)
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: (no name) - {AA58ED58-01DD-4d91-8333-CF10577473F7} - (no file)
O2 - BHO: (no name) - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\PROGRA~1\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: (no name) - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - (no file)
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [ShowWnd] ShowWnd.exe
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [avtray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe
O4 - HKLM\..\Run: [CSAV_CheckViruses] C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe
O4 - HKLM\..\Run: [dvprpt] C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe
O4 - HKLM\..\Run: [untray] C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [StormCodec_Helper] "C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" /S /opti
O8 - Extra context menu item: &AOL Toolbar search - res://C:\Program Files\AOL Toolbar\toolbar.dll/SEARCH.HTML
O8 - Extra context menu item: &Google Search - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: Backward Links - res://C:\Program Files\Google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://C:\Program Files\Google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Similar Pages - res://C:\Program Files\Google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate into English - res://C:\Program Files\Google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\npjpi160_07.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: Run IMVU - {d9288080-1baa-4bc4-9cf8-a92d743db949} - C:\Documents and Settings\Owner\Start Menu\Programs\IMVU\Run IMVU.lnk (file missing)
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\program files\bonjour\mdnsnsp.dll
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/english/kavwebscan_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: avinitnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\avinitnt.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: schscnt - Authentium, Inc. - C:\Program Files\Authentium\Command AntiVirus\schscnt.exe
O23 - Service: StarWind AE Service (StarWindServiceAE) - Rocket Division Software - C:\Program Files\Alcohol Soft\Alcohol 52\StarWind\StarWindServiceAE.exe

Here is my Super anti spyware log...

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/06/2008 at 09:46 PM

Application Version : 3.9.1008

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Complete Scan
Total Scan Time : 00:31:57

Memory items scanned : 222
Memory threats detected : 0
Registry items scanned : 5218
Registry threats detected : 0
File items scanned : 29504
File threats detected : 38

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\owner@2adultflashgames.txt
C:\Documents and Settings\Owner\Cookies\owner@ad.yieldmanager.txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.euroclick.txt
C:\Documents and Settings\Owner\Cookies\owner@adopt.specificclick.txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver.txt
C:\Documents and Settings\Owner\Cookies\owner@adrevolver.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.addynamix.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.bridgetrack.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.pointroll.txt
C:\Documents and Settings\Owner\Cookies\owner@ads.widgetbucks.txt
C:\Documents and Settings\Owner\Cookies\owner@adserver.txt
C:\Documents and Settings\Owner\Cookies\owner@adultadworld.txt
C:\Documents and Settings\Owner\Cookies\owner@advertising.txt
C:\Documents and Settings\Owner\Cookies\owner@apmebf.txt
C:\Documents and Settings\Owner\Cookies\owner@at.atwola.txt
C:\Documents and Settings\Owner\Cookies\owner@atdmt.txt
C:\Documents and Settings\Owner\Cookies\owner@atwola.txt
C:\Documents and Settings\Owner\Cookies\owner@bs.serving-sys.txt
C:\Documents and Settings\Owner\Cookies\owner@casalemedia.txt
C:\Documents and Settings\Owner\Cookies\owner@cdn.at.atwola.txt
C:\Documents and Settings\Owner\Cookies\owner@doubleclick.txt
C:\Documents and Settings\Owner\Cookies\owner@dynamic.media.adrevolver.txt
C:\Documents and Settings\Owner\Cookies\owner@fastclick.txt
C:\Documents and Settings\Owner\Cookies\owner@interclick.txt
C:\Documents and Settings\Owner\Cookies\owner@media.adrevolver.txt
C:\Documents and Settings\Owner\Cookies\owner@media6degrees.txt
C:\Documents and Settings\Owner\Cookies\owner@mediaplex.txt
C:\Documents and Settings\Owner\Cookies\owner@overture.txt
C:\Documents and Settings\Owner\Cookies\owner@realmedia.txt
C:\Documents and Settings\Owner\Cookies\owner@revsci.txt
C:\Documents and Settings\Owner\Cookies\owner@richmedia.yahoo.txt
C:\Documents and Settings\Owner\Cookies\owner@server.cpmstar.txt
C:\Documents and Settings\Owner\Cookies\owner@serving-sys.txt
C:\Documents and Settings\Owner\Cookies\owner@specificclick.txt
C:\Documents and Settings\Owner\Cookies\owner@trafficmp.txt
C:\Documents and Settings\Owner\Cookies\owner@tribalfusion.txt
C:\Documents and Settings\Owner\Cookies\owner@wmvmedialease.txt
C:\Documents and Settings\Owner\Cookies\owner@www.2adultflashgames.txt

Erm, help?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13861

Posted 8-7-2008 6:19 (GMT +1)

Hello

Please download Malwarebytes' Anti-Malware:

http://www.besttechie.net/tools/mbam-setup.exe

to your desktop.

Double-click mbam-setup.exe and follow the prompts to install the program.

At the end, be sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch

Malwarebytes' Anti-Malware, then click Finish.

If an update is found, it will download and install the latest version.

Once the program has loaded, select Perform full scan, then click Scan.

When the scan is complete, click OK, then Show Results to view the results.

Be sure that everything is checked, and click Remove Selected.

When completed, a log will open in Notepad. Please save it to a convenient location.

Copy and Paste that log into your next reply, along with fresh combofix log.

NB: If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Zid
New Member

Date Joined Aug 2008
Total Posts : 3

Posted 8-7-2008 11:01 (GMT +1)

Here is the MBAM log...

Malwarebytes' Anti-Malware 1.24
Database version: 1030
Windows 5.1.2600 Service Pack 2

04:53:30 2008-08-07
mbam-log-8-7-2008 (04-53-30).txt

Scan type: Full Scan (C:\|D:\|)
Objects scanned: 97081
Time elapsed: 55 minute(s), 3 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 15
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 22

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\AppID\{543bd811-f148-4b3a-a0b9-177014555bf9} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock5.band (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock5.band.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock5.bho (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bndblock5.bho.1 (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{d6b0c179-6343-442c-8175-9652e200cb55} (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\rabio.rabiobho.1 (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\AppID\BndBlock5.DLL (Adware.ISM) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\App Management\ARPCache\RABCO (Adware.RABCO) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bgrqfetx.bbkr (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bgrqfetx.toolbar.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0007477.exe (Trojan.Winpop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\A0008838.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\InsiDERIns.exe.vir (Trojan.Winpop) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\DoctorWeb\Quarantine\xinside.exe (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\Program Files\Outerinfo\FF\components\FF.dll.#ir (Adware.ClickSpring) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\b153.exe.vir (Trojan.Dropper) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\exwd.exe.vir (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\xokvrpwg.dll.vir (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\awtuuVNH.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\owcvxu.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\urqRHaBR.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\wnbdrdkn.dll.vir (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\p9\liopud89104.exe.vir (Trojan.Downloader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP322\A0036846.dll (Trojan.Zlob) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP322\A0036848.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP322\A0036849.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP322\A0036850.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP322\A0036851.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{D23EFF2A-BFEF-46A5-8364-D064E372DF2B}\RP322\A0036853.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vwevujbe.dll (Trojan.Vundo) -> Quarantined and deleted successfully.
C:\WINDOWS\lnvegaow.exe (Trojan.FakeAlert) -> Quarantined and deleted successfully.
C:\Documents and Settings\Owner\Start Menu\Programs\Startup\RABCO - Auto Update.lnk (Adware.RABCO) -> Quarantined and deleted successfully.

And here is the Combofix Log...

ComboFix 08-08-06.02 - Administrator 2008-08-07 4:54:48.6 - NTFSx86 NETWORK
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.769 [GMT -5:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-07-07 to 2008-08-07 )))))))))))))))))))))))))))))))
.

2008-08-07 03:56 . 2008-08-07 03:56 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-07 03:56 . 2008-08-07 03:56 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-07 03:56 . 2008-08-07 03:56 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-08-07 03:56 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-07 03:56 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-06 21:13 . 2008-08-06 21:13 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-07-25 21:11 . 2008-06-17 19:28 710,064 --a------ C:\WINDOWS\system32\ijjiSetup.exe
2008-07-25 15:40 . 2008-07-25 15:40 <DIR> d-------- C:\Program Files\Sun
2008-07-24 02:11 . 2008-07-24 02:11 <DIR> d-------- C:\Program Files\iTunes
2008-07-24 02:11 . 2008-07-24 02:11 <DIR> d-------- C:\Program Files\iPod
2008-07-24 02:11 . 2008-07-24 02:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Apple Computer
2008-07-24 02:10 . 2008-07-24 02:10 <DIR> d-------- C:\Program Files\Bonjour
2008-07-24 02:09 . 2008-07-24 02:10 <DIR> d-------- C:\Program Files\QuickTime
2008-07-24 02:09 . 2008-07-24 02:09 <DIR> d-------- C:\Program Files\Apple Software Update
2008-07-24 02:09 . 2008-07-24 02:11 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple Computer
2008-07-24 02:08 . 2008-07-24 02:08 <DIR> d----c--- C:\WINDOWS\system32\DRVSTORE
2008-07-24 02:08 . 2008-07-24 02:08 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-07-24 02:08 . 2008-07-24 02:08 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Apple
2008-07-17 02:50 . 2008-07-17 02:50 <DIR> d-------- C:\CAVEDOG
2008-07-17 02:47 . 2008-07-17 02:47 <DIR> d-------- C:\Program Files\Conduit
2008-07-17 02:47 . 2008-07-17 02:47 <DIR> d-------- C:\Program Files\Alcohol Soft
2008-07-17 02:42 . 2008-07-17 02:42 716,272 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-07-17 01:45 . 2008-08-02 17:07 <DIR> d-------- C:\Fontstock
2008-07-16 23:00 . 2008-07-16 23:00 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Cakewalk
2008-07-16 22:58 . 2008-07-16 22:59 <DIR> d-------- C:\Program Files\Cakewalk
2008-07-16 22:58 . 2008-07-16 22:59 <DIR> d-------- C:\Cakewalk Projects
2008-07-16 22:58 . 2004-03-17 01:00 180,224 --a------ C:\WINDOWS\system32\ReWire.dll
2008-07-16 21:41 . 2008-07-16 22:04 <DIR> d-------- C:\Program Files\Ringz Studio
2008-07-09 20:55 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-07-09 20:55 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-07-09 20:55 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-07-09 03:30 . 2008-07-09 03:30 <DIR> d-------- C:\Program Files\Windows Live
2008-07-09 03:30 . 2008-07-09 03:42 <DIR> d--hsc--- C:\Program Files\Common Files\WindowsLiveInstaller
2008-07-09 03:29 . 2008-07-09 03:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-07-09 02:37 . 2004-08-03 23:10 10,880 --a------ C:\WINDOWS\system32\drivers\NdisIP.sys
2008-07-09 02:37 . 2004-08-03 23:10 10,880 --a--c--- C:\WINDOWS\system32\dllcache\ndisip.sys
2008-07-09 02:37 . 2004-08-03 22:58 5,504 --a------ C:\WINDOWS\system32\drivers\MSTEE.sys
2008-07-09 02:37 . 2004-08-03 22:58 5,504 --a--c--- C:\WINDOWS\system32\dllcache\mstee.sys
2008-07-09 02:28 . 2008-07-09 02:28 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-07-09 02:04 . 2008-07-09 02:05 <DIR> d-------- C:\Program Files\Creative

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-07 04:28 --------- d-----w C:\Program Files\SUPERAntiSpyware
2008-08-07 04:13 --------- d-----w C:\Documents and Settings\Owner\Application Data\Skype
2008-08-06 23:55 --------- d-----w C:\Documents and Settings\Owner\Application Data\Azureus
2008-08-06 21:41 --------- d-----w C:\Documents and Settings\Owner\Application Data\skypePM
2008-07-25 20:39 --------- d-----w C:\Program Files\Java
2008-07-18 05:32 --------- d-----w C:\Program Files\Private Server File
2008-07-17 07:12 --------- d-----w C:\Program Files\Google
2008-07-15 19:15 --------- d-----w C:\Program Files\World of Warcraft
2008-07-09 07:05 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-06-12 04:01 58,800 ----a-w C:\WINDOWS\system32\ijjiPlugin2.dll
2008-05-02 18:56 0 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
2008-01-21 02:13 32 ----a-w C:\Documents and Settings\All Users\Application Data\ezsid.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunKistEM"="C:\Program Files\Digital Media Reader\shwiconem.exe" [2008-02-17 11:15 135168]
"avtray"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\avtray.exe" [2008-02-17 11:15 144688]
"CSAV_CheckViruses"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\vchk.exe" [2008-02-17 11:15 75056]
"dvprpt"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\dvprpt.exe" [2008-02-17 11:15 206128]
"untray"="C:\PROGRA~1\AUTHEN~1\COMMAN~1\untray.exe" [2008-02-17 11:15 140592]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"StormCodec_Helper"="C:\Program Files\Ringz Studio\Storm Codec\StormSet.exe" [2006-11-26 13:30 97357]
"CHotkey"="zHotkey.exe" [2004-05-17 20:30 543232 C:\WINDOWS\zHotkey.exe]
"ShowWnd"="ShowWnd.exe" [2003-09-19 11:09 36864 C:\WINDOWS\ShowWnd.exe]
"SoundMan"="SOUNDMAN.EXE" [2003-02-10 02:59 47104 C:\WINDOWS\SOUNDMAN.EXE]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"MySpaceIM"="C:\Program Files\MySpace\IM\MySpaceIM.exe" [2008-02-17 11:16 8720384]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2006-12-20 14:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2007-04-19 14:41 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\ijji\\ENGLISH\\Gunz\\Gunz.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"C:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"C:\\Program Files\\AIM\\aim.exe"=
"C:\\Program Files\\World of Warcraft\\BackgroundDownloader.exe"=
"C:\\Program Files\\DNA\\btdna.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"C:\\ijji\\ENGLISH\\u_gunz.exe"=
"C:\\CAVEDOG\\TOTALA\\totala.exe"=
"C:\\WINDOWS\\system32\\dplaysvr.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\MySpace\\IM\\MySpaceIM.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\IcmpSettings]
"AllowInboundEchoRequest"= 1 (0x1)

S3 p2pgasvc;Peer Networking Group Authentication;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]
S3 p2pimsvc;Peer Networking Identity Manager;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]
S3 p2psvc;Peer Networking;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]
S3 PNRPSvc;Peer Name Resolution Protocol;C:\WINDOWS\system32\svchost.exe [2006-02-28 07:00]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
p2psvc REG_MULTI_SZ p2psvc p2pimsvc p2pgasvc PNRPSvc
.
Contents of the 'Scheduled Tasks' folder

2008-07-24 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe [2008-04-11 17:57]

2008-08-07 C:\WINDOWS\Tasks\Symantec NetDetect.job
- C:\Program Files\Symantec\LiveUpdate\NDetect.exe []
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Administrator\Application Data\Mozilla\Firefox\Profiles\8o9dn24e.default\

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-07 04:57:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-08-07 4:58:28
ComboFix-quarantined-files.txt 2008-08-07 09:58:06
ComboFix2.txt 2008-08-07 04:23:01
ComboFix3.txt 2008-02-22 22:39:58
ComboFix4.txt 2008-02-18 19:10:24
ComboFix5.txt 2008-08-07 09:54:37

Pre-Run: 13,279,088,640 bytes free
Post-Run: 13,267,787,776 bytes free

140 --- E O F --- 2008-08-07 00:03:39

How's this?

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13861

Posted 8-7-2008 11:04 (GMT +1)

Looks clean.

How are things running now ?

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Zid
New Member

Date Joined Aug 2008
Total Posts : 3

Posted 8-8-2008 9:37 (GMT +1)

Things are running phenomenally now, thank you very much, Touch.

Zid

Touch
Forum Moderator

Date Joined Jun 2004
Total Posts : 13861

Posted 8-8-2008 2:18 (GMT +1)

Great

Uninstall ComboFix

Go to Start->Run, and type in ComboFix /u
Make sure there is a space between ComboFix and /u
Click Enter

This will ->

Uninstall ComboFix. Delete its related folders and files.

Reset your clock settings. Hide file extensions.

Hide the system/hidden files. And resets System Restore again.

Please read Tony Klein's excellent article: How I got Infected in the First Place

Do NOT post your problem in someone elses thread.

Member of - Alliance of Security Analysis Professionals
Please do NOT PM me any logs. They will be deleted

Forum Information

Currently it is Thursday, December 04, 2008 8:12 PM (GMT +1)
There are a total of 64.634 posts in 15.923 threads.
In the last 3 days there were 21 new threads and 135 reply posts. View Active Threads