
used ComboFix; posting results [RESOLVED]


  • This topic is locked

#1
xuznx
    New Member
I used ComboFix to remove outerinfo and other malware/spyware I had on my PC. So far it looks to have stopped most pop-ups. :) I'm posting the log here as directed and if appropriate I would appreciate any feedback. I also tried to download HiJackThis but it wouldn't install. (an indication of other problems?) If that scan is necessary I will try it again. Also I'm not the most computer literate person so use of primitive language would be nice. Thanks for taking a look. peace.

ComboFix 08-01-04.1 - Owner 2008-01-06 12:09:37.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_CMDSERVICE
-------\LEGACY_DOMAINSERVICE
-------\LEGACY_FOPN
-------\ApiMon
-------\cmdService
-------\DomainService


((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 12:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 12:05 . 2008-01-06 12:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 11:55 . 2008-01-06 11:55 75,840 --a------ C:\WINDOWS\system32\pwasinoy.dll
2008-01-06 11:41 . 2008-01-06 11:41 <DIR> d-------- C:\OEMSettings
2008-01-06 11:24 . 2008-01-06 11:24 <DIR> d-------- C:\Program Files\NETGEAR
2008-01-06 11:24 . 2008-01-06 11:24 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-06 11:11 . 2008-01-06 11:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-06 11:10 . 2008-01-06 11:10 <DIR> d-------- C:\WINDOWS\cache
2008-01-06 11:07 . 2008-01-06 11:07 456 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-06 11:05 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-12-20 07:00 . 2007-12-20 07:00 532,906 --a------ C:\Temp\ulSaa1212.exe
2007-12-20 07:00 . 2007-12-12 14:01 39,936 -ra------ C:\WINDOWS\mrofinu572.exe.tmp
2007-12-18 06:25 . 2007-12-20 06:26 295 --ahs---- C:\WINDOWS\system32\kunwibfv.ini
2007-12-13 23:07 . 2004-09-16 16:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-13 23:07 . 2004-09-16 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-13 23:07 . 2004-09-16 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-30 04:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2006-07-10 04:10 394 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{78cb685b-8937-4662-aea4-f93a01db6091}]
2008-01-06 11:55 75840 --a------ C:\WINDOWS\system32\pwasinoy.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 20:00 200704]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-01-06 12:45 3552256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26 368706]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 00:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 00:52 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03 49263]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
2004-11-02 16:59 218240 --a------ C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 17:16:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-11-21 21:02:31 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2004-11-21 21:02:32 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2004-11-21 21:02:32 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-06 15:56:00 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 12:30:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 12:33:52 - machine was rebooted
ComboFix-quarantined-files.txt 2008-01-06 18:33:43
.
2008-01-06 17:10:31 --- E O F ---
#2
Tigger93
    Trusted Helper
Hello and Welcome to Geekstogo! :)

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\system32\pwasinoy.dll
C:\Temp\ulSaa1212.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\kunwibfv.ini



3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt

Do you happen to know what this is? You've Got Pictures Screensaver

#3
xuznx
    New Member
Is this right? I don't know anything about Pictures Screensaver.

ComboFix 08-01-04.1 - Owner 2008-01-06 14:38:14.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

FILE
C:\Temp\ulSaa1212.exe
C:\WINDOWS\mrofinu572.exe.tmp
C:\WINDOWS\system32\kunwibfv.ini
C:\WINDOWS\system32\pwasinoy.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\ulSaa1212.exe
C:\WINDOWS\system32\kunwibfv.ini
C:\WINDOWS\system32\pwasinoy.dll

.
((((((((((((((((((((((((( Files Created from 2007-12-06 to 2008-01-06 )))))))))))))))))))))))))))))))
.

2008-01-06 13:23 . 2008-01-06 13:23 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Grisoft
2008-01-06 13:22 . 2008-01-06 13:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Grisoft
2008-01-06 13:22 . 2007-05-30 06:10 10,872 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-01-06 12:06 . 2000-08-31 08:00 51,200 --a------ C:\WINDOWS\NirCmd.exe
2008-01-06 12:05 . 2008-01-06 12:05 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-06 11:41 . 2008-01-06 11:41 <DIR> d-------- C:\OEMSettings
2008-01-06 11:24 . 2008-01-06 11:24 <DIR> d-------- C:\Program Files\NETGEAR
2008-01-06 11:24 . 2008-01-06 11:24 21,035 --a------ C:\WINDOWS\system32\drivers\AegisP.sys
2008-01-06 11:11 . 2008-01-06 11:11 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Yahoo!
2008-01-06 11:10 . 2008-01-06 11:10 <DIR> d-------- C:\WINDOWS\cache
2008-01-06 11:07 . 2008-01-06 11:07 456 --a------ C:\WINDOWS\system32\MRT.INI
2008-01-06 11:05 . 2003-02-28 18:26 139,536 --a------ C:\WINDOWS\system32\javaee.dll
2007-12-13 23:07 . 2004-09-16 16:20 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver
2007-12-13 23:07 . 2004-09-16 16:25 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Symantec
2007-12-13 23:07 . 2004-09-16 16:55 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\CyberLink

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-01-06 17:43 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-06 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-11-30 04:30 --------- d-----w C:\Documents and Settings\Owner\Application Data\AdobeUM
2007-11-13 10:25 20,480 ----a-w C:\WINDOWS\system32\drivers\secdrv.sys
2007-10-29 22:43 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2007-10-27 23:40 227,328 ----a-w C:\WINDOWS\system32\wmasf.dll
2007-04-23 20:21 269,824 ----a-w C:\WINDOWS\inf\WG111v3\Vista64\wg111v3.sys
2007-04-23 20:11 224,896 ----a-w C:\WINDOWS\inf\WG111v3\wg111v3.sys
2006-12-15 17:30 98,304 ----a-w C:\WINDOWS\inf\WG111v3\UScanM.exe
2006-12-15 17:30 66,048 ----a-w C:\WINDOWS\inf\WG111v3\EAPPkt.sys
2006-12-15 17:30 315,392 ----a-w C:\WINDOWS\inf\WG111v3\InstallDriver.exe
2006-12-15 17:30 28,672 ----a-w C:\WINDOWS\inf\WG111v3\SetDrv.exe
2006-12-15 17:30 212,992 ----a-w C:\WINDOWS\inf\WG111v3\CopyWHQLDriver.exe
2006-12-15 17:30 20,480 ----a-w C:\WINDOWS\inf\WG111v3\RTWUPath.exe
2006-12-15 17:30 19,968 ----a-w C:\WINDOWS\inf\WG111v3\RTWREFU.EXE
2006-07-10 04:10 394 ----a-w C:\Documents and Settings\Owner\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((( snapshot@2008-01-06_12.33.28.54 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-01-06 17:43:47 40,516 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-01-06 20:32:05 40,516 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-01-06 17:43:47 312,572 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-01-06 20:32:05 312,572 ----a-w C:\WINDOWS\system32\perfh009.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 10:24 1694208]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2003-06-18 20:00 200704]
"SpySweeper"="C:\Program Files\Webroot\Spy Sweeper\SpySweeper.exe" [2005-01-06 12:45 3552256]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"BJCFD"="C:\Program Files\BroadJump\Client Foundation\CFD.exe" [2002-09-10 20:26 368706]
"IPInSightLAN 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPClient.exe" [2003-06-11 00:52 380928]
"IPInSightMonitor 02"="C:\Program Files\Visual Networks\Visual IP InSight\SBC\IPMon32.exe" [2003-06-11 00:52 122880]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_08\bin\jusched.exe" [2006-07-26 03:03 49263]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-06-29 05:24 286720]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-07-31 17:44 271672]
"!AVG Anti-Spyware"="C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 03:25 6731312]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\BigFix.lnk
backup=C:\WINDOWS\pss\BigFix.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AOL Spyware Protection]
C:\PROGRA~1\COMMON~1\AOL\AOLSPY~1\AOLSP Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
C:\Program Files\Messenger\msmsgs.exe /background

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
2003-11-01 03:42 32768 --a------ C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSC_UserPrompt]
2004-11-02 16:59 218240 --a------ C:\Program Files\Common Files\Symantec Shared\Security Center\UsrPrmpt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunKistEM]
C:\Program Files\Digital Media Reader\shwiconem.exe

*Newly Created Service* - AVGASCLN
.
Contents of the 'Scheduled Tasks' folder
"2007-12-10 17:16:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2004-11-21 21:02:31 C:\WINDOWS\Tasks\ISP signup reminder 1.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2004-11-21 21:02:32 C:\WINDOWS\Tasks\ISP signup reminder 2.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2004-11-21 21:02:32 C:\WINDOWS\Tasks\ISP signup reminder 3.job"
- C:\WINDOWS\system32\OOBE\oobebaln.exe
"2008-01-06 19:56:29 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-01-06 14:41:17
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-01-06 14:42:10
ComboFix-quarantined-files.txt 2008-01-06 20:41:54
ComboFix2.txt 2008-01-06 18:33:52
.
2008-01-06 17:10:31 --- E O F ---

Edited by xuznx, 06 January 2008 - 03:07 PM.


#4
Tigger93
    Trusted Helper
Hi again,

Go ahead and delete this folder then:
C:\Documents and Settings\Administrator\Application Data\You've Got Pictures Screensaver

* Click here to download HJTsetup.exe
  • Save HJTsetup.exe to your desktop.
  • Double-click on the HJTsetup.exe icon on your desktop.
  • By default it will install to C:\Program Files\Hijack This.
  • Continue to click Next in the setup dialogue boxes until you get to the Select Additional Tasks dialogue.
  • Put a check by Create a desktop icon then click Next again.
  • Continue to follow the rest of the prompts from there.
  • At the final dialogue box click Finish and it will launch Hijack This.
  • Click on the Do a system scan and save a logfile button. It will scan and the log should open in notepad.
  • Click on "Edit > Select All" then click on "Edit > Copy" to copy the entire contents of the log.
  • Come back here to this thread and Paste the log in your next reply.
  • DO NOT have Hijack This fix anything yet. Most of what it finds will be harmless or even required.


#5
xuznx
    New Member
Hey Tigger, the link to download HiJackThis is dead. I tried going here but once downloaded Windows wouldn't open it. Anyway my computer is working great now, thanks for taking a look at the log.

#6
Tigger93
    Trusted Helper
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.