Geeks to Go
My HijackThis log



#16 kahdah
GeekU Teacher, Retired Staff, 15,822 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad in the Run box, then hit OK.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
F:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
F:\WINDOWS\system32\ljjkkhi.dll
F:\WINDOWS\System32\orguoewx.dll
F:\WINDOWS\System32\cbxmteja.dll
Folder::
F:\Program Files\Viewpoint
Dirlook::
F:\WINDOWS\S2lkcyAy
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0dcd7288-0542-4f1c-bae0-1b2cfb62f122}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raos"=-
"Infl"=-
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"237615a2"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\halzasal]
Driver::
Viewpoint Manager Service


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

[Animation: dragging CFScript.txt onto ComboFix.exe]


5. After the reboot (if it asks to reboot), please post the following reports/logs in your next reply:
  • Combofix.txt
  • A new HijackThis log.

Edited by kahdah, 06 April 2008 - 09:00 PM.
spelling

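A parser for the CFScript format used in step 2, as an added example that is not part of the thread or of ComboFix: it turns the script into a list of planned actions so a helper can review exactly what will be deleted before the script is run. The section headers and the REGEDIT4-style registry lines are taken from the script above; the Action model, and treating a `"name"="data"` line as a value assignment, are this example's own assumptions.

```python
# Added example for this thread (not ComboFix's or the poster's code): turn a
# CFScript into a list of planned actions so it can be reviewed before it is fed
# to ComboFix. Section names and REGEDIT4-style registry lines follow the post.
import re
from dataclasses import dataclass

# Constructed sample input, abridged from the script in the post.
CFSCRIPT = r"""
File::
F:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
F:\WINDOWS\system32\ljjkkhi.dll
Folder::
F:\Program Files\Viewpoint
Dirlook::
F:\WINDOWS\S2lkcyAy
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{0dcd7288-0542-4f1c-bae0-1b2cfb62f122}]
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Raos"=-
"Infl"=-
[-HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\halzasal]
Driver::
Viewpoint Manager Service
"""

SECTION_RE = re.compile(r"^(\w+)::$")        # e.g. "Registry::"
KEY_RE = re.compile(r"^\[(-?)(.+)\]$")       # "[-KEY]" deletes, "[KEY]" selects
VALUE_RE = re.compile(r'^"([^"]*)"=(.*)$')   # '"name"=-' deletes a value

# Plain-section headers mapped to the action each line in them requests.
SIMPLE = {"file": "delete_file", "folder": "delete_folder",
          "dirlook": "list_dir", "driver": "delete_driver"}

@dataclass(frozen=True)
class Action:
    kind: str         # a SIMPLE value, or delete_key / delete_value / set_value
    target: str       # path, registry key or service name
    detail: str = ""  # value name (and data) for registry value actions

def parse_cfscript(text: str) -> list[Action]:
    """Parse CFScript text; raise ValueError on a line that fits no section."""
    actions: list[Action] = []
    section, key = None, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if m := SECTION_RE.match(line):
            section, key = m.group(1).lower(), None
        elif section in SIMPLE:
            actions.append(Action(SIMPLE[section], line))
        elif section == "registry" and (m := KEY_RE.match(line)):
            if m.group(1) == "-":       # leading '-' deletes the whole key
                actions.append(Action("delete_key", m.group(2)))
                key = None
            else:                       # otherwise later value lines apply to it
                key = m.group(2)
        elif section == "registry" and key and (m := VALUE_RE.match(line)):
            name, data = m.groups()
            if data == "-":             # '"name"=-' removes the value
                actions.append(Action("delete_value", key, name))
            else:                       # REGEDIT4 assignment (assumed, not in the post)
                actions.append(Action("set_value", key, f"{name}={data}"))
        else:
            raise ValueError(f"unparsed line: {line!r}")
    return actions

if __name__ == "__main__":
    for a in parse_cfscript(CFSCRIPT):
        print(f"{a.kind:13} {a.target}" + (f"  [{a.detail}]" if a.detail else ""))
```

Running it prints one line per planned action; a line that fits no section raises rather than being silently skipped, so a mangled copy/paste is caught before the script is handed to ComboFix.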

#17 dvea
Member, Topic Starter, 53 posts
Here they are:


ComboFix 08-02-17.2 - Veary 2008-02-18 20:35:11.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.0.1252.1.1033.18.67 [GMT -5:00]
Running from: F:\Documents and Settings\Veary\Desktop\ComboFix.exe
Command switches used :: F:\Documents and Settings\Veary\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
F:\WINDOWS\atid.ini
F:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
F:\WINDOWS\System32\cbxmteja.dll
F:\WINDOWS\system32\ljjkkhi.dll
F:\WINDOWS\System32\orguoewx.dll
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

F:\Program Files\Viewpoint
F:\Program Files\Viewpoint\Common\ViewpointService.exe
F:\Program Files\Viewpoint\Common\VistaBoot.sdll
F:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\AxMetaStream_0305000D.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\ClassIDs.ini
F:\Program Files\Viewpoint\Viewpoint Media Player\ComponentMgr_0305001C.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\ComponentRegistry.ini
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\AOLUserShell.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\Cursors.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\JpegReader.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\Mts3Reader.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\SceneComponent.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\SreeDMMX.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\SWFView.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\VETScriptInterpreter.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPSpeech.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\Components\VMPVideo2.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\DownLoadHist.ini
F:\Program Files\Viewpoint\Viewpoint Media Player\HostRegistry.ini
F:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamConfig.ini
F:\Program Files\Viewpoint\Viewpoint Media Player\MetaStreamID.ini
F:\Program Files\Viewpoint\Viewpoint Media Player\MtsAxInstaller.exe
F:\Program Files\Viewpoint\Viewpoint Media Player\MTSDownloadSites.txt
F:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
F:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.xpt
F:\WINDOWS\atid.ini
F:\WINDOWS\system32\ljjkkhi.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\LEGACY_VIEWPOINT_MANAGER_SERVICE
-------\Viewpoint Manager Service


((((((((((((((((((((((((( Files Created from 2008-01-19 to 2008-02-19 )))))))))))))))))))))))))))))))
.

2008-02-17 14:22 . 2008-02-17 15:43 <DIR> d-------- F:\WINDOWS\system32\ActiveScan
2008-02-17 14:22 . 2008-02-17 14:22 30,590 --a------ F:\WINDOWS\system32\pavas.ico
2008-02-17 14:22 . 2008-02-17 14:22 2,550 --a------ F:\WINDOWS\system32\Uninstall.ico
2008-02-17 14:22 . 2008-02-17 14:22 1,406 --a------ F:\WINDOWS\system32\Help.ico
2008-02-17 10:16 . 2008-02-17 15:36 <DIR> d-------- F:\Program Files\SUPERAntiSpyware
2008-02-17 10:16 . 2008-02-17 10:16 <DIR> d-------- F:\Program Files\Common Files\Wise Installation Wizard
2008-02-17 10:16 . 2008-02-17 10:16 <DIR> d-------- F:\Documents and Settings\Veary\Application Data\SUPERAntiSpyware.com
2008-02-17 10:16 . 2008-02-17 10:16 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-02-16 16:46 . 2008-02-16 16:46 <DIR> d-------- F:\Documents and Settings\Veary\Application Data\Grisoft
2008-02-16 16:45 . 2007-05-30 07:10 10,872 --a------ F:\WINDOWS\system32\drivers\AvgAsCln.sys
2008-02-16 16:44 . 2008-02-16 16:44 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Grisoft
2008-02-15 19:25 . 2008-02-15 19:25 <DIR> d-------- F:\WINDOWS\DA15D5355E1D4076B5208571346D6238.TMP
2008-02-15 19:21 . 2008-02-15 19:21 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\Rabio
2008-02-15 19:17 . 2008-02-16 17:30 <DIR> d--hs---- F:\WINDOWS\S2lkcyAy
2008-02-15 19:17 . 2008-02-15 19:20 <DIR> d-------- F:\Program Files\RABCO
2008-02-13 18:50 . 2008-02-13 18:50 <DIR> d-------- F:\Documents and Settings\Veary\Application Data\QQ Games Plugin
2008-02-13 18:50 . 2008-02-13 18:50 <DIR> d-------- F:\Documents and Settings\Veary\Application Data\acccore
2008-02-13 18:49 . 2008-02-13 18:49 <DIR> d-------- F:\Program Files\Tencent
2008-02-13 18:48 . 2008-02-17 15:33 <DIR> d-------- F:\Program Files\AOL Search
2008-02-13 18:48 . 2008-02-13 18:50 <DIR> d-------- F:\Program Files\AIMTunes
2008-02-13 18:48 . 2008-02-13 18:48 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\AOL Downloads
2008-02-13 18:47 . 2008-02-13 18:50 <DIR> d-------- F:\Program Files\AIM6
2008-02-13 18:47 . 2008-02-13 18:51 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\AOL OCP
2008-02-13 18:47 . 2008-02-13 18:47 <DIR> d-------- F:\Documents and Settings\All Users\Application Data\AOL
2008-02-13 18:47 . 2008-02-13 18:50 1,348 --ah----- F:\IPH.PH
2008-02-02 10:47 . 2008-02-02 10:47 <DIR> d-------- F:\Program Files\Disney

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-19 01:37 --------- d-----w F:\Program Files\Common Files\Symantec Shared
2008-02-17 23:00 --------- d-----w F:\Program Files\Norton Security Scan
2008-02-17 20:36 --------- d-----w F:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor
2008-02-17 20:34 --------- d-----w F:\Program Files\Google
2008-02-13 23:47 --------- d-----w F:\Program Files\Common Files\AOL
.

(((((((((((((((((((((((((((((((((((((((((((( Look )))))))))))))))))))))))))))))))))))))))))))))))))))))))))
.

---- Directory of F:\WINDOWS\S2lkcyAy ----



((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22}]
2008-01-03 11:27 111968 --a------ F:\Program Files\AOL Search\AOLSearch.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="F:\Program Files\Messenger\msmsgs.exe" [2001-08-02 06:14 1077277]
"Aim6"="" []
"SUPERAntiSpyware"="F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2007-06-21 14:06 1318912]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"!AVG Anti-Spyware"="F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" [2007-06-11 04:25 6731312]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"swg"="F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2007-09-07 19:29 171448]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"= 0 (0x0)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= F:\Program Files\SUPERAntiSpyware\SASSEH.DLL [2006-12-20 13:55 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
F:\Program Files\SUPERAntiSpyware\SASWINLO.dll 2007-04-19 13:41 294912 F:\Program Files\SUPERAntiSpyware\SASWINLO.dll

R3 ati2mpaa;ati2mpaa;F:\WINDOWS\System32\DRIVERS\ati2mpaa.sys [2001-08-17 07:48]

.
Contents of the 'Scheduled Tasks' folder
"2008-02-18 02:05:11 F:\WINDOWS\Tasks\Norton Security Scan.job"
- F:\Program Files\Norton Security Scan\Nss.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-18 20:38:32
Windows 5.1.2600 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
F:\WINDOWS\System32\lxctcoms.exe
F:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
F:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
.
**************************************************************************
.
Completion time: 2008-02-18 20:41:19 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-19 01:41:03
ComboFix2.txt 2008-02-18 21:02:10
.
2008-02-14 08:01:20 --- E O F ---


HijackThis:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 8:42:11 PM, on 2/18/2008
Platform: Windows XP (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 (6.00.2600.0000)
Boot mode: Normal

Running processes:
F:\WINDOWS\System32\smss.exe
F:\WINDOWS\system32\winlogon.exe
F:\WINDOWS\system32\services.exe
F:\WINDOWS\system32\lsass.exe
F:\WINDOWS\system32\svchost.exe
F:\WINDOWS\System32\svchost.exe
F:\WINDOWS\system32\spoolsv.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
F:\WINDOWS\System32\lxctcoms.exe
F:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe
F:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WMP54Gv4.exe
F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe
F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
F:\Program Files\Messenger\msmsgs.exe
F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
F:\WINDOWS\System32\wuauclt.exe
F:\WINDOWS\explorer.exe
F:\WINDOWS\System32\wuauclt.exe
F:\Documents and Settings\Veary\Desktop\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com/
R3 - URLSearchHook: AOLSearchHook Class - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - F:\Program Files\AOL Search\AOLSearch.dll
R3 - URLSearchHook: (no name) - {EA756889-2338-43DB-8F07-D1CA6FB9C90D} - (no file)
O2 - BHO: AOL Search Enhancement - {54EB34EA-E6BE-4CFD-9F4F-C4A0C2EAFA22} - F:\Program Files\AOL Search\AOLSearch.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: AOL Toolbar Launcher - {7C554162-8CB7-45A4-B8F4-8EA1C75885F9} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Radio - {8E718888-423F-11D2-876E-00A0C9082467} - F:\WINDOWS\System32\msdxm.ocx
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - f:\program files\google\googletoolbar2.dll
O3 - Toolbar: AIM Toolbar - {DE9C389F-3316-41A7-809B-AA305ED9D922} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "F:\Program Files\Java\jre1.6.0_03\bin\jusched.exe"
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [MSMSGS] "F:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKCU\..\Run: [SUPERAntiSpyware] F:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKUS\S-1-5-18\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [swg] F:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe (User 'Default user')
O4 - Startup: RABCO - Auto Update.lnk = F:\Program Files\RABCO\RABCOse.exe
O8 - Extra context menu item: &AOL Toolbar Search - f:\program files\aol\aim toolbar 5.0\resources\en-US\local\search.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - F:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O9 - Extra button: AIM Toolbar - {3369AF0D-62E9-4bda-8103-B4C75499B578} - F:\Program Files\AOL\AIM Toolbar 5.0\aoltb.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - F:\Program Files\AIM\aim.exe
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft....k/?linkid=39204
O16 - DPF: {238F6F83-B8B4-11CF-8771-00A024541EE3} (Citrix ICA Client) - http://www.marsd.k12...lient/wfica.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1189174975873
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.mi...b?1193096796148
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoft...free/asinst.cab
O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://3dlifeplayer....l/installer.exe
O20 - Winlogon Notify: !SASWinLogon - F:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - F:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: Google Updater Service (gusvc) - Google - F:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: lxct_device - - F:\WINDOWS\System32\lxctcoms.exe
O23 - Service: WMP54Gv4SVC - GEMTEKS - F:\Program Files\Linksys Wireless-G PCI Wireless Network Monitor\WLService.exe

--
End of file - 4915 bytes

#18 kahdah
GeekU Teacher, Retired Staff, 15,822 posts
Go Here and download CCleaner.
Double-click on it to install it.
Click on your language, then Next, then I Agree, then Next again.
When you come to the Installation Options window (the next window after clicking Next),
uncheck all but Create a Desktop Shortcut.
Then click on Install.

After it is installed, double-click on the icon on your desktop to run it.
Choose Run Cleaner, then Yes at the prompt to permanently delete files.
It may take a while, so let it finish.

After that, click on the icon to the left called Registry.
Then click on Scan for Issues.
Then click on Fix selected issues.
And then Yes to making a backup.
It will save it in your My Documents folder.
Then click on Fix all selected issues and Yes that you really want to do it.
After that is done, exit out of CCleaner.

Then you may uninstall it.
================================
After that, please go HERE to run Panda's TotalScan:
  • Select the bubble for Full scan
  • It will start downloading the files it requires for the scan (Note: It may take a couple of minutes)
  • Then the scan will begin
  • When the scan completes, click the Save button on the right of Scan details
  • Save it to a convenient location. Post the contents of the TotalScan report


#19 dvea
Member, Topic Starter, 53 posts
Here is the TotalScan report:

;*******************************************************************************
ANALYSIS: 2008-02-18 21:47:41
PROTECTIONS: 0
MALWARE: 15
SUSPECTS: 0
;*******************************************************************************
PROTECTIONS
Description Version Active Updated
;===============================================================================
;===============================================================================
MALWARE
Id Description Type Active Severity Disinfectable Disinfected Location
;===============================================================================
00139061 Cookie/Doubleclick TrackingCookie No 0 Yes No F:\Documents and Settings\Veary\Cookies\[email protected][1].txt
00167642 Cookie/Com.com TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\john [email protected][1].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\john [email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\[email protected][2].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\john [email protected][3].txt
00194327 Cookie/Go TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\[email protected][3].txt
00207338 Cookie/Target TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\[email protected][2].txt
00286738 Cookie/Cgi-bin TrackingCookie No 0 Yes No C:\WINDOWS\Cookies\[email protected][1].txt
00332832 Adware/DollarRevenue Adware No 1 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP171\A0008949.dll
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP173\A0009024.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP173\A0009008.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP174\A0009070.EXE
01185375 Application/Psexec.A HackTools No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP174\A0009111.EXE
01262593 Application/NirCmd.A HackTools No 0 Yes No F:\WINDOWS\Nircmd.exe
01262593 Application/NirCmd.A HackTools No 0 No No G:\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 No No F:\Documents and Settings\Veary\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.cfexe]
01262593 Application/NirCmd.A HackTools No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP173\A0009048.com
01262593 Application/NirCmd.A HackTools No 0 No No F:\Documents and Settings\Veary\Desktop\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 No No G:\ComboFix.exe[327882R2FWJFW\nircmd.com]
01262593 Application/NirCmd.A HackTools No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP174\A0009135.com
02688464 Adware/DnsInsider Adware No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP170\A0008912.exe
02885963 Rootkit/Booto.C Virus/Worm No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP174\A0009109.sys
02887738 Trj/Downloader.PLF Virus/Trojan No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP171\A0008950.exe
02888175 Adware/Zenosearch Adware No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP170\A0008914.dll
02892536 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP171\A0008964.dll
02892536 Spyware/Virtumonde Spyware No 1 Yes No F:\QooBox\Quarantine\F\WINDOWS\system32\vsaodcbx.dll.vir
02892536 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP173\A0009010.dll
02896112 Adware/Yazzle Adware No 0 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP170\A0008905.exe
02900145 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP171\A0008960.dll
02900145 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP171\A0008939.dll
02900145 Spyware/Virtumonde Spyware No 1 Yes No F:\System Volume Information\_restore{1DB909EB-A8F8-40B2-8E04-9F761986C674}\RP171\A0008938.dll
;===============================================================================
SUSPECTS
Location
;===============================================================================
;===============================================================================

#20 kahdah
GeekU Teacher, Retired Staff, 15,822 posts
Please delete your leftover cookies.


Time for some housekeeping
  • Click Start, then Run
  • Now type Combofix /u in the Run box and click OK

The above procedure will delete and do the following:
  • ComboFix and its associated files and folders.
  • VundoFix backups, if present
  • The C:\Deckard folder, if present
  • The C:\_OtMoveIt folder, if present
  • Reset the clock settings.
  • Hide file extensions, if required.
  • Hide System/Hidden files, if required.
  • Clean System Restore points.

Also delete anything that we used that is left over.
===============================
After that, your log is clean. :)

To find out more about how you got infected in the first place, and for some great guidelines to follow to prevent future infections, you can read this article by Tony Klein: Here





