Malware Infection on my Computer- Please Help


  • This topic is locked

#16 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\WINDOWS\Media\csrss.exe

Registry::
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\tgrcfyhl]
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvuttut]


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Also post a new HijackThis log
#17 Ammar (Topic Starter, Member, 119 posts)
Here's my ComboFix log.

Just wanted to tell you that when I combined the log into ComboFix, the program asked me if I was sure I wanted to do this, and mistakenly I clicked no. So the program somehow also got deleted. Then I downloaded the program again and combined the log. Just wanted to let you know.

ComboFix 08-02.05.3 - Owner 2008-02-05 16:51:23.3 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.135 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\WINDOWS\Media\csrss.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\Media\csrss.exe

.
((((((((((((((((((((((((( Files Created from 2008-01-05 to 2008-02-05 )))))))))))))))))))))))))))))))
.

2008-02-04 17:25 . 2008-02-04 17:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-04 17:13 . 2008-02-02 19:01 <DIR> d-------- C:\SDFix
2008-02-03 02:00 . 2008-02-03 02:00 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-02 03:42 . 2008-02-02 03:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 19:45 . 2008-02-01 19:45 <DIR> d-------- C:\Deckard
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\Program Files\Youdagames
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
2008-01-28 15:27 . 2008-01-28 15:27 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-01-28 15:14 . 2008-01-28 15:14 <DIR> d-------- C:\WINDOWS\etb
2008-01-28 13:36 . 2008-01-13 20:07 955 --a------ C:\WINDOWS\win.tmp
2008-01-28 13:36 . 2007-12-03 22:41 258 --a------ C:\WINDOWS\system.tmp
2008-01-28 13:32 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-01-28 13:32 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-01-27 03:01 . 2008-01-27 03:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-01-27 02:58 . 2008-01-27 02:58 <DIR> d-------- C:\Program Files\Uniblue
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 23:44 . 2008-01-26 23:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 22:44 . 2008-01-26 22:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-01-26 22:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-26 22:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-26 22:44 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-26 22:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-22 15:10 . 2008-01-22 15:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Youdagames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 18:40 --------- d-----w C:\Documents and Settings\Home\Application Data\Yahoo!
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-10 03:27 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-09-29 18:27 32,640 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2002-03-13 05:07 9,474 ----a-w C:\Program Files\myth.nfo
2000-02-03 17:51 22,016 ----a-w C:\Documents and Settings\Owner\TRAINER.EXE
1999-09-18 18:17 15,128 ----a-w C:\Documents and Settings\Owner\WUNPACK.EXE
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="C:\Program Files\ineen\ineen.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-27 03:11 1885464]
"Spyware Doctor"="C:\Program Files\Ares\spyware doctor\swdoctor.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Athan"="C:\Program Files\Athan\Athan.exe" [ ]
"RecSche"="C:\Program Files\TVR\RecSche.exe" [ ]
"WinDVRCtrl"="C:\WINDOWS\WDVRCtrl.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE" [ ]
"ScanRegistry"="C:\W" [ ]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"SiSPower"="SiSPower.dll" []
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [ ]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [ ]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [ ]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 05:09 106496]
"Cricinfo Desktop Alerts"="C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"Spyware Doctor"="C:\Program Files\Ares\Spyware Doctor\swdoctor.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2005-07-01 12:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-05 23:43:18 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-02 03:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/task:
"2008-01-24 15:41:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-05 23:41:16 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-02 10:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-05 23:41:16 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-05 23:44:10 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-05 16:54:48
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-05 16:55:47
ComboFix-quarantined-files.txt 2008-02-05 23:55:44
ComboFix3.txt 2008-02-02 20:36:12
ComboFix2.txt 2008-02-05 00:55:26
.
2008-02-05 23:44:57 --- E O F ---

Edited by Ammar, 05 February 2008 - 06:05 PM.


#18 Ammar (Topic Starter, Member, 119 posts)
Here's my HijackThis log:
Thanks, man



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 5:00:52 PM, on 05/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\WINDOWS\System32\wdfmgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\explorer.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\System32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cricket.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...://ca.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
O4 - HKLM\..\Run: [Cricinfo Desktop Alerts] "C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\ineen\ineen.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Ares\spyware doctor\swdoctor.exe" /Q
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ammarhakim.sp...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.zapak.com...h2.1.0.0.53.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129506290012
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave...tg.1.0.0.33.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Ares\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11814 bytes

#19 Ammar (Topic Starter, Member, 119 posts)
Anything else left to do?

#20 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Hello

Go to this site:
http://www.virustotal.com/
On top you'll find 'Browse'
Click the browse button and browse to the file:

C:\Documents and Settings\Owner\WUNPACK.EXE

Click open.
Then click the 'Send' button next to it.
This will scan the file. Please be patient.
Once scanned, copy and paste the results as well in your next reply.

Repeat it for this file

C:\Documents and Settings\Owner\TRAINER.EXE



1. Please re-open HijackThis and choose "Do a system scan only". Check the boxes next to ONLY the entries listed below (if present):

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)


2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.



Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.
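As an added example (not code from this thread, from HijackThis or from the helper), a small Python parser for the O2/O4/O23 lines of the log in post #18 that reports the same kind of orphaned entries Rorschach112 picked out in post #20, the ones HijackThis tagged "(file missing)", plus Run values whose target is not a recognisable program file. The sample lines are constructed from that log; the list of "program file" extensions is an assumption.

```python
import re
from dataclasses import dataclass
from typing import List, Optional

# Constructed sample in the shape of the HijackThis v2.0.2 log posted above
# (a few O2/O4/O23 lines; "(file missing)" is HijackThis's own marker).
SAMPLE_LOG = r"""
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
"""

# File types an autostart target is expected to name (assumed list).
EXT_RE = re.compile(r"\.(exe|dll|ocx|sys|cpl|scr)\b", re.IGNORECASE)
# One pattern per HijackThis section handled here.
O2_O3_RE = re.compile(r"^(?P<sec>O[23]) - (?:BHO|Toolbar): (?P<name>.*?) - \{[0-9A-Fa-f-]+\} - (?P<path>.*)$")
O4_RUN_RE = re.compile(r"^O4 - (?P<hive>[^:]+): \[(?P<name>[^\]]*)\] (?P<cmd>.*)$")
O4_LNK_RE = re.compile(r"^O4 - (?:Global )?Startup: (?P<name>.*?) = (?P<path>.*)$")
# The owner column may be empty ("lxct_device - - C:\..."), so the path is
# anchored on a drive letter instead of on the separators alone.
O23_RE = re.compile(r"^O23 - Service: (?P<name>.*?) - (?P<owner>.*?) ?- (?P<path>[A-Za-z]:\\.*)$")


@dataclass
class Entry:
    section: str        # O2, O4, O23, ...
    name: str           # BHO/toolbar/service/Run value name
    path: str           # target file as written in the log
    file_missing: bool  # HijackThis appended "(file missing)"
    raw: str


def strip_suffixes(text: str):
    """Peel off HijackThis annotations and report whether the file was missing."""
    missing = text.endswith("(file missing)")
    text = re.sub(r"\s*\(file missing\)$", "", text)
    text = re.sub(r"\s*\(User '[^']*'\)$", "", text)
    return text.strip(), missing


def command_target(cmd: str) -> str:
    """Reduce a Run value's command line to the file it launches."""
    if cmd.startswith('"'):
        end = cmd.find('"', 1)
        return cmd[1:end] if end > 0 else cmd[1:]
    m = EXT_RE.search(cmd)
    return cmd[: m.end()] if m else cmd


def parse_line(line: str) -> Optional[Entry]:
    """Parse one log line into an Entry, or None for sections not handled."""
    line = line.rstrip()
    m = O2_O3_RE.match(line)
    if m:
        path, missing = strip_suffixes(m["path"])
        return Entry(m["sec"], m["name"], path, missing, line)
    m = O4_RUN_RE.match(line)
    if m:
        cmd, missing = strip_suffixes(m["cmd"])
        return Entry("O4", m["name"], command_target(cmd), missing, line)
    m = O4_LNK_RE.match(line)
    if m:
        path, missing = strip_suffixes(m["path"])
        return Entry("O4", m["name"], path, missing, line)
    m = O23_RE.match(line)
    if m:
        path, missing = strip_suffixes(m["path"])
        return Entry("O23", m["name"], path, missing, line)
    return None


def review(log_text: str) -> List[str]:
    """One note per entry worth a second look: targets HijackThis could not
    find on disk (orphans, like the two O2 BHOs fixed in this thread) and Run
    values whose target does not name a recognisable program file."""
    notes: List[str] = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry is None:
            continue
        if entry.file_missing:
            notes.append(f"{entry.section} '{entry.name}': target missing on disk ({entry.path}); orphaned entry")
        elif not EXT_RE.search(entry.path):
            notes.append(f"{entry.section} '{entry.name}': target '{entry.path}' is not a recognisable program file; check by hand")
    return notes


if __name__ == "__main__":
    for note in review(SAMPLE_LOG):
        print(note)
```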


#21 Ammar (Topic Starter, Member, 119 posts)
Just wanted to tell you something: I still think I have Spyware Doctor on my computer.

#22 Ammar (Topic Starter, Member, 119 posts)
File WUNPACK.EXE received on 02.06.2008 02:48:34 (CET)

Current status: finished

Result: 24/32 (75.00%)


Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 Win32/Virut.B
AntiVir 7.6.0.62 2008.02.05 W32/Virut.AX
Authentium 4.93.8 2008.02.05 W32/Virut.7116
Avast 4.7.1098.0 2008.02.05 Win32:Virtob
AVG 7.5.0.516 2008.02.05 Win32/Virut
BitDefender 7.2 2008.02.06 Win32.Virtob.BQ
CAT-QuickHeal 9.00 2008.02.04 W32.Virut.Z
ClamAV 0.92 2008.02.06 -
DrWeb 4.44.0.09170 2008.02.05 Win32.Virut.30
eSafe 7.0.15.0 2008.01.28 -
eTrust-Vet 31.3.5512 2008.02.05 Win32/Virut.7115
Ewido 4.0 2008.02.05 -
FileAdvisor 1 2008.02.06 -
Fortinet 3.14.0.0 2008.02.05 -
F-Prot 4.4.2.54 2008.02.05 -
F-Secure 6.70.13260.0 2008.02.06 W32/Virut.AG
Ikarus T3.1.1.20 2008.02.06 Virus.Win32.Virut.av
Kaspersky 7.0.0.125 2008.02.06 Virus.Win32.Virut.av
McAfee 5223 2008.02.05 W32/Virut.gen.a
Microsoft 1.3204 2008.02.05 Virus:Win32/Virut.AC
NOD32v2 2851 2008.02.05 Win32/Virut.AV
Norman 5.80.02 2008.02.05 W32/Virut.AG
Panda 9.0.0.4 2008.02.05 W32/Virutas.Z
Prevx1 V2 2008.02.06 -
Rising 20.29.22.00 2008.01.30 Win32.Virut.an
Sophos 4.26.0 2008.02.05 W32/Virut-W
Sunbelt 2.2.907.0 2008.02.05 VIPRE.Suspicious
Symantec 10 2008.02.06 W32.Virut.W
TheHacker 6.2.9.210 2008.02.06 -
VBA32 3.12.6.0 2008.02.06 Virus.Win32.Virut.2
VirusBuster 4.3.26:9 2008.02.05 Win32.Virut.Gen.4
Webwasher-Gateway 6.6.2 2008.02.06 Win32.Virut.AX
Additional information
File size: 15128 bytes
MD5: 1b016dc79837069e0d824d5846288ec2
SHA1: 1c43d8936b1d8ec20dbfb2956d4e5f7be3d7b040
PEiD: -
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

#23 Rorschach112 (Ralphie, Retired Staff, 47,710 posts)
Do this

1. Close any open browsers.

2. Open notepad and copy/paste the text in the quotebox below into it:

File::
C:\Documents and Settings\Owner\TRAINER.EXE
C:\Documents and Settings\Owner\WUNPACK.EXE


Save this as CFScript.txt, in the same location as ComboFix.exe


Posted Image

Referring to the picture above, drag CFScript into ComboFix.exe

When finished, it shall produce a log for you at "C:\ComboFix.txt"

Note:
Do not mouse-click ComboFix's window whilst it's running. That may cause it to stall.




Then continue with the SUPERAntiSpyware step and post a new HijackThis log and tell me how your PC is running

#24 Ammar (Topic Starter, Member, 119 posts)
OK, hi.
Here's my TRAINER.EXE post, responding to your second-last post. The WUNPACK.EXE one was posted earlier. I will do the ComboFix combining part now, as I thought if I do both it will be better, so the ComboFix log should be posted in a second. After that I will go through the SUPERAntiSpyware stuff.
Sorry for the unresponsiveness from me on the VirusTotal thing; the site just wasn't working.
Thanks a lot


File TRAINER.EXE received on 02.06.2008 03:03:57 (CET)
Current status: finished
Result: 26/32 (81.25%)
Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 Win32/Virut.B
AntiVir 7.6.0.62 2008.02.05 W32/Virut.AX
Authentium 4.93.8 2008.02.05 W32/Virut.7116
Avast 4.7.1098.0 2008.02.05 Win32:Virtob
AVG 7.5.0.516 2008.02.05 Win32/Virut
BitDefender 7.2 2008.02.06 Win32.Virtob.BQ
CAT-QuickHeal 9.00 2008.02.04 W32.Virut.Z
ClamAV 0.92 2008.02.06 W32.Virut-17
DrWeb 4.44.0.09170 2008.02.05 Win32.Virut.30
eSafe 7.0.15.0 2008.01.28 suspicious Trojan/Worm
eTrust-Vet 31.3.5512 2008.02.05 Win32/Virut.7115
Ewido 4.0 2008.02.05 -
FileAdvisor 1 2008.02.06 -
Fortinet 3.14.0.0 2008.02.05 -
F-Prot 4.4.2.54 2008.02.05 -
F-Secure 6.70.13260.0 2008.02.06 W32/Virut.AG
Ikarus T3.1.1.20 2008.02.06 Virus.Win32.Virut.av
Kaspersky 7.0.0.125 2008.02.06 Virus.Win32.Virut.av
McAfee 5223 2008.02.05 W32/Virut.gen.a
Microsoft 1.3204 2008.02.05 Virus:Win32/Virut.AC
NOD32v2 2851 2008.02.05 Win32/Virut.AV
Norman 5.80.02 2008.02.05 W32/Virut.AG
Panda 9.0.0.4 2008.02.05 W32/Virutas.Z
Prevx1 V2 2008.02.06 -
Rising 20.29.22.00 2008.01.30 Win32.Virut.an
Sophos 4.26.0 2008.02.05 W32/Virut-W
Sunbelt 2.2.907.0 2008.02.05 VIPRE.Suspicious
Symantec 10 2008.02.06 W32.Virut.W
TheHacker 6.2.9.210 2008.02.06 -
VBA32 3.12.6.0 2008.02.06 Virus.Win32.Virut.2
VirusBuster 4.3.26:9 2008.02.05 Win32.Virut.Gen.4
Webwasher-Gateway 6.6.2 2008.02.06 Win32.Virut.AX
Additional information
File size: 22016 bytes
MD5: 1348ce9ef789042238dfe8df84679bc8
SHA1: 12cb4166eae45eff9deea44a94a8741fb4fb7294
PEiD: -
packers: UPX
Sunbelt info: VIPRE.Suspicious is a generic detection for potential threats that are deemed suspicious through heuristics.

Edited by Ammar, 06 February 2008 - 09:30 PM.
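As an added example (not part of the thread and not VirusTotal's own code), a Python routine that reads result tables in the shape of the two reports above (posts #22 and #24) and separates detections that name a family (Virut, which vendors also spell Virtob and Virutas) from heuristic-only verdicts such as VIPRE.Suspicious, so a "24/32" can be read as "N engines agree on one family, M only say suspicious". The sample table is constructed from rows of the WUNPACK.EXE report; the alias list and the heuristic markers are assumptions drawn from those rows.

```python
import re
from collections import Counter
from typing import Dict, List, Tuple

# Constructed sample in the shape of the VirusTotal result tables posted above
# (rows copied from the WUNPACK.EXE report: vendor, engine version, last update, result).
SAMPLE_REPORT = """\
Antivirus Version Last Update Result
AhnLab-V3 2008.2.6.10 2008.02.05 Win32/Virut.B
Avast 4.7.1098.0 2008.02.05 Win32:Virtob
ClamAV 0.92 2008.02.06 -
eSafe 7.0.15.0 2008.01.28 suspicious Trojan/Worm
Kaspersky 7.0.0.125 2008.02.06 Virus.Win32.Virut.av
Panda 9.0.0.4 2008.02.05 W32/Virutas.Z
Prevx1 V2 2008.02.06 -
Sunbelt 2.2.907.0 2008.02.05 VIPRE.Suspicious
"""

# Names different vendors use for the same family (assumed from the reports above);
# mapping them to one label makes the consensus visible.
FAMILY_ALIASES = {"virut": "Virut", "virtob": "Virut", "virutas": "Virut"}
# Result strings that only say "looks bad" without naming a family (assumed markers).
HEURISTIC_MARKERS = ("suspicious", "generic", "heur")

Row = Tuple[str, str, str, str]  # vendor, version, last update, result


def parse_rows(report: str) -> List[Row]:
    """Split the whitespace-separated table into rows. The first three columns
    contain no spaces in this format; the result column may, so it is kept whole."""
    rows: List[Row] = []
    for line in report.splitlines():
        if not line.strip() or line.startswith("Antivirus"):
            continue  # blank line or the column header
        parts = line.split(None, 3)
        if len(parts) == 4:
            rows.append((parts[0], parts[1], parts[2], parts[3].strip()))
    return rows


def family_of(result: str) -> str:
    """Map one vendor's detection name to a family label, 'heuristic' for
    generic/suspicious verdicts, or 'other' when nothing is recognised."""
    low = result.lower()
    for alias, family in FAMILY_ALIASES.items():
        if alias in low:
            return family
    if any(marker in low for marker in HEURISTIC_MARKERS):
        return "heuristic"
    return "other"


def summarize(report: str) -> Dict[str, object]:
    """Detection ratio plus how many engines agree on a named family."""
    rows = parse_rows(report)
    detections = [r for r in rows if r[3] != "-"]  # "-" means no detection
    families = Counter(family_of(r[3]) for r in detections)
    named = {f: n for f, n in families.items() if f not in ("heuristic", "other")}
    consensus = max(named, key=named.__getitem__) if named else None
    return {
        "engines": len(rows),
        "detections": len(detections),
        "ratio": f"{len(detections)}/{len(rows)}",
        "families": dict(families),
        "consensus": consensus,
        "heuristic_only": families["heuristic"],
    }


if __name__ == "__main__":
    print(summarize(SAMPLE_REPORT))
```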


#25 Ammar (Topic Starter, Member, 119 posts)
Here's my ComboFix log from combining the two files:


Also, would you like me to post the SUPERAntiSpyware log and a new HijackThis log, or just the SUPERAntiSpyware log?

ComboFix 08-02.05.3 - Owner 2008-02-06 20:31:35.4 - FAT32x86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.198 [GMT -7:00]
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE
C:\Documents and Settings\Owner\TRAINER.EXE
C:\Documents and Settings\Owner\WUNPACK.EXE
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\TRAINER.EXE
C:\Documents and Settings\Owner\WUNPACK.EXE

.
((((((((((((((((((((((((( Files Created from 2008-01-07 to 2008-02-07 )))))))))))))))))))))))))))))))
.

2008-02-05 16:50 . 2004-08-04 00:56 395,776 --a------ C:\kmd.exe
2008-02-04 17:25 . 2008-02-04 17:25 <DIR> d-------- C:\WINDOWS\ERUNT
2008-02-04 17:13 . 2008-02-02 19:01 <DIR> d-------- C:\SDFix
2008-02-03 02:00 . 2008-02-03 02:00 <DIR> d-------- C:\Program Files\Windows Defender
2008-02-02 03:42 . 2008-02-02 03:42 <DIR> d-------- C:\Program Files\Trend Micro
2008-02-01 19:45 . 2008-02-01 19:45 <DIR> d-------- C:\Deckard
2008-01-28 22:08 . 2008-01-28 22:08 <DIR> d-------- C:\Program Files\Youdagames
2008-01-28 15:37 . 2008-01-28 15:37 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Jasc Software Inc
2008-01-28 15:27 . 2008-01-28 15:27 <DIR> d-------- C:\Program Files\Jasc Software Inc
2008-01-28 15:14 . 2008-01-28 15:14 <DIR> d-------- C:\WINDOWS\etb
2008-01-28 13:36 . 2008-01-13 20:07 955 --a------ C:\WINDOWS\win.tmp
2008-01-28 13:36 . 2007-12-03 22:41 258 --a------ C:\WINDOWS\system.tmp
2008-01-28 13:32 . 2006-08-24 11:40 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2008-01-28 13:32 . 2006-07-10 16:38 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2008-01-27 03:01 . 2008-01-27 03:01 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-01-27 02:58 . 2008-01-27 02:58 <DIR> d-------- C:\Program Files\Uniblue
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Program Files\Lavasoft
2008-01-26 23:46 . 2008-01-26 23:46 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-01-26 23:44 . 2008-01-26 23:44 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-01-26 22:44 . 2008-01-26 22:44 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\PC Tools
2008-01-26 22:44 . 2007-12-10 14:53 81,288 --a------ C:\WINDOWS\system32\drivers\iksyssec.sys
2008-01-26 22:44 . 2007-12-10 14:53 66,952 --a------ C:\WINDOWS\system32\drivers\iksysflt.sys
2008-01-26 22:44 . 2007-12-10 14:53 41,864 --a------ C:\WINDOWS\system32\drivers\ikfilesec.sys
2008-01-26 22:44 . 2007-12-10 14:53 29,576 --a------ C:\WINDOWS\system32\drivers\kcom.sys
2008-01-22 15:10 . 2008-01-22 15:10 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Youdagames

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-24 18:40 --------- d-----w C:\Documents and Settings\Home\Application Data\Yahoo!
2007-12-14 18:32 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2007-12-13 23:53 --------- d-----w C:\Documents and Settings\All Users\Application Data\MumboJumbo
2007-12-10 03:27 --------- d-----w C:\Program Files\USB Disk Win98 Driver
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\lsasrv.dll
2007-11-07 09:26 721,920 ------w C:\WINDOWS\system32\dllcache\lsasrv.dll
2007-09-29 18:27 32,640 ----a-w C:\Documents and Settings\Owner\Application Data\GDIPFONTCACHEV1.DAT
2002-03-13 05:07 9,474 ----a-w C:\Program Files\myth.nfo
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"eyeBeam SIP Client"="C:\Program Files\ineen\ineen.exe" [ ]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [ ]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [ ]
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" [2008-01-27 03:11 1885464]
"Spyware Doctor"="C:\Program Files\Ares\spyware doctor\swdoctor.exe" [ ]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"FlashPlayerUpdate"="C:\WINDOWS\system32\Macromed\Flash\NPSWF32_FlashUtil.exe" [2007-06-11 13:34 190696]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LXSUPMON"="C:\WINDOWS\System32\LXSUPMON.exe" [ ]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [ ]
"Athan"="C:\Program Files\Athan\Athan.exe" [ ]
"RecSche"="C:\Program Files\TVR\RecSche.exe" [ ]
"WinDVRCtrl"="C:\WINDOWS\WDVRCtrl.exe" [ ]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"ccApp"="C:\Program Files\Common Files\Symantec Shared\ccApp.exe" [ ]
"Advanced Tools Check"="C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE" [ ]
"ScanRegistry"="C:\W" [ ]
"AdaptecDirectCD"="C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe" [ ]
"SiSPower"="SiSPower.dll" []
"lxctmon.exe"="C:\Program Files\Lexmark 5400 Series\lxctmon.exe" [ ]
"Lexmark 5400 Series Fax Server"="C:\Program Files\Lexmark 5400 Series\fm3032.exe" [ ]
"EzPrint"="C:\Program Files\Lexmark 5400 Series\ezprint.exe" [ ]
"LXCTCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll" [2006-06-07 05:09 106496]
"Cricinfo Desktop Alerts"="C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe" [ ]
"StartCCC"="C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [ ]
"RemoteControl"="C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe" [ ]
"LanguageShortcut"="C:\Program Files\CyberLink\PowerDVD\Language\Language.exe" [ ]
"NeroFilterCheck"="C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe" [ ]
"USB Storage Toolbox"="C:\WINDOWS\UMStor\Res.EXE" [ ]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 19:20 866584]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [ ]
"Spyware Doctor"="C:\Program Files\Ares\Spyware Doctor\swdoctor.exe" [ ]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 01:01:04 83360]

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Adobe Reader Speed Launch.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Adobe Reader Speed Launch.lnk
backup=C:\WINDOWS\pss\Adobe Reader Speed Launch.lnkCommon Startup

R3 AVHybrid;AVHybrid service;C:\WINDOWS\system32\DRIVERS\AVHybrid.sys [2005-07-01 12:01]
R3 NPDriver;Norton Unerase Protection Driver;C:\WINDOWS\System32\Drivers\NPDRIVER.SYS [2002-08-14 06:03]
R3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-03 23:01]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-07 03:23:22 C:\WINDOWS\Tasks\Symantec NetDetect.job"
- C:\Program Files\Symantec\LiveUpdate\NDETECT.EXE
"2008-02-02 03:00:02 C:\WINDOWS\Tasks\Norton AntiVirus - Scan my computer.job"
- C:\PROGRA~1\NORTON~2\Navw32.exeh/task:
"2008-01-24 15:41:18 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-07 00:00:02 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-02-02 10:00:02 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-07 00:00:02 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-02-06 23:32:20 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-06 20:34:46
Windows 5.1.2600 Service Pack 2 FAT NTAPI

detected NTDLL code modification:
ZwOpenFile

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-06 20:35:41
ComboFix-quarantined-files.txt 2008-02-07 03:35:40
ComboFix4.txt 2008-02-02 20:36:12
ComboFix3.txt 2008-02-05 00:55:26
ComboFix2.txt 2008-02-05 23:55:50
.
2008-02-05 23:44:57 --- E O F ---

#26
Ammar
And finally, here's my SUPERAntiSpyware scan log:
Thanks a lot in advance. My HijackThis log is coming up in the next post.

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/06/2008 at 10:11 PM

Application Version : 3.9.1008

Core Rules Database Version : 3397
Trace Rules Database Version: 1389

Scan type : Complete Scan
Total Scan Time : 01:18:44

Memory items scanned : 400
Memory threats detected : 0
Registry items scanned : 6433
Registry threats detected : 9
File items scanned : 51914
File threats detected : 146

Trojan.WinFixer
HKLM\Software\Classes\CLSID\{79E1B17D-D35F-4016-8F1E-DC272C10CAE4}
HKCR\CLSID\{79E1B17D-D35F-4016-8F1E-DC272C10CAE4}
HKCR\CLSID\{79E1B17D-D35F-4016-8F1E-DC272C10CAE4}\InprocServer32
HKCR\CLSID\{79E1B17D-D35F-4016-8F1E-DC272C10CAE4}\InprocServer32#ThreadingModel
C:\WINDOWS\SYSTEM32\SSQRS.DLL

Adware.Tracking Cookie
C:\Documents and Settings\Owner\Cookies\[email protected][2].txt
C:\Documents and Settings\Owner\Cookies\[email protected][1].txt
C:\Deckard\System Scanner\20080202033705\backup\DOCUME~1\Owner\LOCALS~1\Temp\Cookies\[email protected][2].txt

Adware.Elite Media
C:\WINDOWS\etb\xml\images
C:\WINDOWS\etb\xml\categories
C:\WINDOWS\etb\xml
C:\WINDOWS\etb

Malware.LocusSoftware Inc/PCPrivacyTool
HKLM\Software\Purchased Products
HKLM\Software\Purchased Products\System Error Repair
HKLM\Software\Purchased Products\System Error Repair#domain
HKLM\Software\Purchased Products\System Error Repair#pname
HKLM\Software\Purchased Products\System Error Repair#cname

Adware.WhenU
C:\PROGRAM FILES\DAEMON TOOLS\SETUPDTSB.EXE

Trojan.Vundo/Variant-Installer
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223126.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223177.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223255.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223612.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223795.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0224995.EXE
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\SSQRS.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX285E.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX315C.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX3218.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX3288.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX3C9C.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX416F.TMP.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\RCX468F.TMP.VIR

Trojan.Vundo/Variant-Installer/A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223140.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223141.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223142.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223143.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223144.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223145.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223188.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223228.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223229.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223230.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223231.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223232.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223233.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223234.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223235.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223236.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223237.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223238.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223239.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223240.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223241.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223242.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223243.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223244.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223245.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223246.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223247.EXE
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223248.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX11F1.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX1224.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX14C7.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP11EF.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX29.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX32.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX137.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX146.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX149.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX14C.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3210.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX19E6.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX26C8.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX26DC.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3348.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX33BF.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX26EB.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3161.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX30D3.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX317D.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX30E7.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3144.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX335E.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3D1C.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3D24.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3D35.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3206.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX324A.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3680.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3689.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3C87.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX4258.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX4273.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX3C98.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RCX42D9.TMP
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\STORAGEPROTECTOR\STRPMON .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\STORAGEPROTECTOR\STRPMON .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\STORAGEPROTECTOR\STRPMON .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\STORAGEPROTECTOR\STRPMON .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\STORAGEPROTECTOR\STRPMON .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\STORAGEPROTECTOR\STRPMON.EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\MICROSOFT ANTISPYWARE\GCASSERV .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK .EXE.VIR
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\QUICKTIME\QTTASK.EXE.VIR

Rogue.StorageProtector/Trace
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223146.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP31ED.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP3587.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP3204.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP337A.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP324E.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP368C.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP3D2A.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP42DA.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP42DD.TMP
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\TMP425C.TMP
C:\QOOBOX\QUARANTINE\C\PROGRAM FILES\COMMON FILES\STORAGEPROTECTOR\STRPMON .EXE.VIR

Adware.Vundo-Variant/Small-A
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223205.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223206.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223208.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{DEE11DAB-441C-474F-8167-C748CE18F7BD}\RP543\A0223209.DLL

Malware.LocusSoftware Inc/BestSellerAntivirus
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\QRJATYDI.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\XQEDQKPR.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\MOFUGCLQ.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\URCLQECD.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\RHVQSUWB.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\VNTMRYKT.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\DSWTMHMJ.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\DLWIXOQL.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\EXJEGPQB.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\NGPROXVF.EXE
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\PEUAGBSX.EXE
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\MOFUGCLQ.EXE
C:\DECKARD\SYSTEM SCANNER\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\QRJATYDI.EXE

Trojan.Downloader-Gen/DDC
C:\DECKARD\SYSTEM SCANNER\20080202033705\BACKUP\DOCUME~1\OWNER\LOCALS~1\TEMP\QGDNLHQG.EXE

Trojan.NewDotNet
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_38.EXE.VIR
C:\QOOBOX\QUARANTINE\C\WINDOWS\NDNUNINSTALL6_98.EXE.VIR

#27
Ammar
Here's my HijackThis log:
I will tell you about my computer's performance, as well as some of the questions I have, in the next post.
Thanks a lot

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:21:45 PM, on 06/02/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16574)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\WINDOWS\system32\crypserv.exe
C:\WINDOWS\system32\lxctcoms.exe
C:\Program Files\Norton AntiVirus\navapsvc.exe
C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
C:\Program Files\CyberLink\Shared Files\RichVideo.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\Program Files\Norton AntiVirus\SAVScan.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.cricket.org/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://ca.rd.yahoo.c...://ca.yahoo.com
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdsg.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\Ares\SPYWAR~1\tools\iesdpb.dll
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O2 - BHO: CNavExtBho Class - {BDF3E430-B101-42AD-A544-FADC6B084872} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: MSN - {BDAD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O3 - Toolbar: Norton AntiVirus - {42CDD1BF-3FFB-4238-8AD1-7859DF00B1D6} - C:\Program Files\Norton AntiVirus\NavShExt.dll
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: Lexmark Toolbar - {1017A80C-6F09-4548-A84D-EDD6AC9525F0} - C:\Program Files\Lexmark Toolbar\toolband.dll
O4 - HKLM\..\Run: [LXSUPMON] C:\WINDOWS\System32\LXSUPMON.EXE RUN
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [Athan] C:\Program Files\Athan\Athan.exe
O4 - HKLM\..\Run: [RecSche] "C:\Program Files\TVR\RecSche.exe"
O4 - HKLM\..\Run: [WinDVRCtrl] C:\WINDOWS\WDVRCtrl.exe
O4 - HKLM\..\Run: [SunJavaUpdateSched] C:\Program Files\Java\jre1.5.0_05\bin\jusched.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask .exe" -atboottime
O4 - HKLM\..\Run: [ccApp] "C:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [Advanced Tools Check] C:\PROGRA~1\NORTON~2\AdvTools\ADVCHK.EXE
O4 - HKLM\..\Run: [ScanRegistry] C:\W
O4 - HKLM\..\Run: [AdaptecDirectCD] "C:\Program Files\Adaptec\Easy CD Creator 5\DirectCD\DirectCD.exe"
O4 - HKLM\..\Run: [SiSPower] Rundll32.exe SiSPower.dll,ModeAgent
O4 - HKLM\..\Run: [lxctmon.exe] "C:\Program Files\Lexmark 5400 Series\lxctmon.exe"
O4 - HKLM\..\Run: [Lexmark 5400 Series Fax Server] "C:\Program Files\Lexmark 5400 Series\fm3032.exe" /s
O4 - HKLM\..\Run: [EzPrint] "C:\Program Files\Lexmark 5400 Series\ezprint.exe"
O4 - HKLM\..\Run: [LXCTCATS] rundll32 C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\LXCTtime.dll,[email protected]
O4 - HKLM\..\Run: [Cricinfo Desktop Alerts] "C:\Program Files\Cricinfo Desktop Alerts\Cricinfo_Desktop_Alerts.exe"
O4 - HKLM\..\Run: [StartCCC] C:\Program Files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe
O4 - HKLM\..\Run: [RemoteControl] "C:\Program Files\CyberLink\PowerDVD\PDVDServ.exe"
O4 - HKLM\..\Run: [LanguageShortcut] "C:\Program Files\CyberLink\PowerDVD\Language\Language.exe"
O4 - HKLM\..\Run: [NeroFilterCheck] C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe
O4 - HKLM\..\Run: [USB Storage Toolbox] C:\WINDOWS\UMStor\Res.EXE
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKCU\..\Run: [eyeBeam SIP Client] "C:\Program Files\ineen\ineen.exe"
O4 - HKCU\..\Run: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKCU\..\Run: [Spyware Doctor] "C:\Program Files\Ares\spyware doctor\swdoctor.exe" /Q
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Startup: LimeWire On Startup.lnk = C:\Program Files\LimeWire\LimeWire.exe
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office10\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_05\bin\npjpi150_05.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {00B71CFB-6864-4346-A978-C0A14556272C} (Checkers Class) - http://messenger.zon...kr.cab31267.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://ammarhakim.sp...ad/MsnPUpld.cab
O16 - DPF: {5D6F45B3-9043-443D-A792-115447494D24} (UnoCtrl Class) - http://messenger.zon...1/GAME_UNO1.cab
O16 - DPF: {639658F3-B141-4D6B-B936-226F75A5EAC3} (CPlayFirstDinerDash2Control Object) - http://www.zapak.com...h2.1.0.0.53.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1129506290012
O16 - DPF: {8E0D4DE5-3180-4024-A327-4DFAD1796A8D} (MessengerStatsClient Class) - http://messenger.zon...nt.cab31267.cab
O16 - DPF: {BAE1D8DF-0B35-47E3-A1E7-EEB3FF2ECD19} (CPlayFirstddfotgControl Object) - http://www.shockwave...tg.1.0.0.33.cab
O16 - DPF: {C3F79A2B-B9B4-4A66-B012-3EE46475B072} (MessengerStatsClient Class) - http://messenger.zon...nt.cab56907.cab
O16 - DPF: {F04A8AE2-A59D-11D2-8792-00C04F8EF29D} (Hotmail Attachments Control) - http://by109fd.bay10...ex/HMAtchmt.ocx
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: ATI Smart - Unknown owner - C:\WINDOWS\system32\ati2sgag.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
O23 - Service: Symantec Password Validation (ccPwdSvc) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccPwdSvc.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
O23 - Service: Crypkey License - Kenonic Controls Ltd. - C:\WINDOWS\SYSTEM32\crypserv.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: IMAPI CD-Burning COM Service (ImapiService) - Roxio Inc. - C:\WINDOWS\system32\ImapiRox.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: Norton AntiVirus Auto Protect Service (navapsvc) - Symantec Corporation - C:\Program Files\Norton AntiVirus\navapsvc.exe
O23 - Service: NBService - Nero AG - C:\Program Files\Nero\Nero 7\Nero BackItUp\NBService.exe
O23 - Service: Norton Unerase Protection (NProtectService) - Symantec Corporation - C:\Program Files\Norton AntiVirus\AdvTools\NPROTECT.EXE
O23 - Service: Cyberlink RichVideo Service(CRVS) (RichVideo) - Unknown owner - C:\Program Files\CyberLink\Shared Files\RichVideo.exe
O23 - Service: SAVScan - Symantec Corporation - C:\Program Files\Norton AntiVirus\SAVScan.exe
O23 - Service: ScriptBlocking Service (SBService) - Symantec Corporation - C:\PROGRA~1\COMMON~1\SYMANT~1\SCRIPT~1\SBServ.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: PC Tools Security Service (sdCoreService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsSvc.exe (file missing)
O23 - Service: PC Tools Spyware Doctor (SDhelper) - Unknown owner - C:\Program Files\Ares\Spyware Doctor\sdhelp.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe

--
End of file - 11899 bytes

#28
Ammar
Ok, well, I think I have given you everything.
I have the Trainer.exe and the WUNPACK.exe scans from www.virustotal.com.
I have the ComboFix log from combining the CFScript with the ComboFix program.
I have the SUPERAntiSpyware log from the scan I did.
I have the new HijackThis log posted as well.


Sorry for the confusion over the past couple of days, as I was sort of lost. Thanks
Please tell me if I am missing anything you would have wanted, as I think I might have messed up.


One thing I need to tell you is that I didn't do this part:

1. Please re-open HiJackThis and choose do a system scan only. Check the boxes next to ONLY the entries listed below(if present):

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)

2. Now close all windows other than HiJackThis, including browsers, so that nothing other than HijackThis is open, then click Fix Checked. A box will pop up asking you if you wish to fix the selected items. Please choose YES. Once it has fixed them, please exit/close HijackThis.

Since you posted a new post telling me to combine the ComboFix things, do the SUPERAntiSpyware scan and get the HijackThis log only.
If you want me to do that part NOW, I most certainly can. However, if it was an important part and was supposed to be done earlier, I can do a system restore and go through the process again.

Thanks a lot



And finally, for my PC's performance:
Well, the computer has been running normally ever since I told you that the spyware was deleted. Of late the computer, I feel, has slowed down just a bit, not too much though (maybe we could do some scan that could check again), and every time I open Mozilla it slows down a little more. Maybe it is because I have 512 MB of RAM.
If we are done, can you please tell me what software I should have for anti-spyware and anti-virus?



THANK YOU SO MUCH

Edited by Ammar, 06 February 2008 - 11:32 PM.

  • 0

#29
Rorschach112

Rorschach112

    Ralphie

  • Retired Staff
  • 47,710 posts
Yes, we are done! A few things to do:

Fix these entries

O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)



Now let's uninstall ComboFix:
  • Click START then RUN
  • Now type Combofix /u in the run box and click OK
The above procedure will do the following:
  • Delete ComboFix and its associated files and folders.
  • Delete VundoFix backups, if present
  • Delete the C:\Deckard folder, if present
  • Delete the C:_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Reset System Restore.



You now need to update your Java and remove your older versions.

Please follow these steps to remove older Java components.

* Click Start > Control Panel.
* Click Add/Remove Programs.
* Check any item with Java Runtime Environment (JRE) in the name.
* Click the Remove or Change/Remove button.

Download the latest version of Java Runtime Environment (JRE), and install it to your computer from
here



Below I have included a number of recommendations for how to protect your computer against malware infections.

* Keep Windows updated by regularly checking their website at:
http://windowsupdate.microsoft.com/
This will ensure your computer always has the latest available security updates installed.

* To reduce re-infection for malware in the future, I strongly recommend installing these free programs:
SpywareBlaster protects against bad ActiveX
IE-SPYAD puts over 5000 sites in your restricted zone so you'll be protected when you visit innocent-looking sites that aren't actually innocent at all
Have a look at this tutorial for IE-Spyad here

* SpywareGuard offers realtime protection from spyware installation attempts.

Make Internet Explorer more secure
  • Click Start > Run
  • Type Inetcpl.cpl & click OK
  • Click on the Security tab
  • Click Reset all zones to default level
  • Make sure the Internet Zone is selected & Click Custom level
  • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and "Initialize and Script ActiveX controls not marked as safe" to "Disable".
  • Next Click OK, then Apply button and then OK to exit the Internet Properties page.

* MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

* Please consider using an alternate browser. Mozilla's Firefox browser is fantastic; it is much more secure than Internet Explorer, immune to almost all known browser hijackers, and also has the best built-in pop up blocker (as an added benefit!) that I have ever seen. If you are interested, Firefox may be downloaded from Here

* I notice that you have no firewall on your PC; this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs: ZoneAlarm, Comodo, or Outpost.
Make sure you only use one firewall though. A tutorial on understanding and using firewalls may be found here.

* I notice that you have no anti-virus program on your PC; this is extremely dangerous and leaves your PC open to vulnerabilities, so please download and install one of the following programs:
AVG makes an excellent free antivirus client, as do AntiVir or avast!.

* Take a good look at the following suggestions for malware prevention by reading Tony Klein's article 'How Did I Get Infected In The First Place' Here

Thank you for your patience, and performing all of the procedures requested.
  • 0
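The two O2 entries above are marked "(file missing)": the registered DLL is no longer on disk and only the orphaned registration remains, which is why they can be fixed without losing anything. As an added example that is not part of this thread or of HijackThis itself, here is a small Python parser for O2/O23 lines in this format; the sample log is constructed from lines quoted in the thread, and it separates orphaned registrations from services with no verifiable owner.

```python
import re
from dataclasses import dataclass
from typing import List, Optional
# Constructed sample in HijackThis log format, shaped like the O2/O23 lines
# quoted in this thread; an empty owner field appears as "- -".
SAMPLE_LOG = r"""
O2 - BHO: ST - {9394EDE7-C8B5-483E-8773-474BF36AF6E4} - C:\Program Files\MSN Apps\ST\01.03.0000.1005\en-xu\stmain.dll (file missing)
O2 - BHO: MSNToolBandBHO - {BDBD1DAD-C946-4A17-ADC1-64B5B4FF55D0} - C:\Program Files\MSN Apps\MSN Toolbar\01.02.3000.1001\en-us\msntb.dll (file missing)
O23 - Service: lxct_device - - C:\WINDOWS\system32\lxctcoms.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - Unknown owner - C:\Program Files\Spyware Doctor\pctsAuxs.exe (file missing)
O23 - Service: Symantec Core LC - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
"""

# O2 = Browser Helper Object: name, CLSID, DLL path, optional "(file missing)".
O2_RE = re.compile(
    r"^O2 - BHO: (?P<name>.+?) - (?P<clsid>\{[0-9A-Fa-f-]{36}\}) - "
    r"(?P<path>.*?)(?P<missing> \(file missing\))?$")
# O23 = service: name, owner (may be empty), EXE path starting with a drive letter.
O23_RE = re.compile(
    r"^O23 - Service: (?P<name>.+?) - (?P<owner>.*?)\s?- "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$")

@dataclass
class HjtEntry:
    section: str                  # "O2" or "O23"
    name: str
    path: str
    file_missing: bool            # the registration points at a file that is gone
    clsid: Optional[str] = None   # O2 only
    owner: Optional[str] = None   # O23 only; company string, may be empty

def parse_line(line: str) -> Optional[HjtEntry]:
    """Parse one O2 or O23 line; lines from other sections return None."""
    if m := O2_RE.match(line.strip()):
        return HjtEntry("O2", m["name"], m["path"], m["missing"] is not None, clsid=m["clsid"])
    if m := O23_RE.match(line.strip()):
        return HjtEntry("O23", m["name"], m["path"], m["missing"] is not None, owner=m["owner"])
    return None

def parse_log(text: str) -> List[HjtEntry]:
    return [e for e in map(parse_line, text.splitlines()) if e is not None]

def orphan_entries(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Entries whose file is gone: dead registrations, safe to fix in HijackThis."""
    return [e for e in entries if e.file_missing]

def unverified_services(entries: List[HjtEntry]) -> List[HjtEntry]:
    """Services with no recognised owner: worth a closer look, not proof of malware."""
    return [e for e in entries if e.section == "O23" and e.owner in ("", "Unknown owner")]
```

An "Unknown owner" or empty owner only means the file carries no company string, so those services are a starting point for checking the file (for example at virustotal.com, as done earlier in this thread), not a verdict.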

#30
Ammar

Ammar

    Member

  • Topic Starter
  • Member
  • 119 posts
Hey
Thank you for your help,
I just have 3 more questions:
Should I delete SUPERantispyware?
And also, should I install all of the recommended anti-spyware software above, such as AVG, AntiVir, avast!, SpywareGuard, SpywareBlaster? Or just one? I was wondering because it says to install only one of the programs, but I already have SUPERAntiSpyware and also Ad-Aware, so should I stick with that one or download the one you recommended?
Also, I already have Windows Firewall (I THINK), and it says in your recommendations to only keep one firewall. So what should I do?
Also, can you please help me download JRE, as I cannot.

Also, in your recommendations it says to use Firefox. But I already do use Firefox.

Edited by Ammar, 07 February 2008 - 05:41 PM.

  • 0
