
Vundo - Red Warning for C Drive Icon [CLOSED]



#1
alibaba13

    New Member

  • Member
  • 9 posts
Hi, I believe I have a Vundo virus issue. I have downloaded and run ComboFix, which does seem to have helped significantly; however, I still have a red warning symbol for my C drive icon.
Can anyone help me fix this please?

Much appreciated....


#2
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hello and Welcome to Geekstogo! :)

Do you still have the Combofix log? If so, can you please post it?

#3
alibaba13

    New Member

  • Topic Starter
  • Member
  • 9 posts
Thanks. Sure, here it is -

ComboFix 08-03-01 - Hulya Kurshat 2008-03-01 16:04:26.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1326 [GMT 0:00]
Running from: C:\Documents and Settings\Hulya Kurshat\My Documents\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-03-01 16:04 . 2008-03-01 16:05 53,248 --a------ C:\WINDOWS\PSEXESVC.EXE
2008-02-27 22:07 . 2008-02-27 22:07 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-26 23:34 . 2008-02-26 23:34 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-25 19:18 . 2008-02-29 19:27 99,463 --a------ C:\WINDOWS\BM5796bdc3.xml
2008-02-25 19:18 . 2008-02-29 19:41 21 --a------ C:\WINDOWS\pskt.ini
2008-02-23 19:24 . 2008-02-23 19:24 <DIR> d-------- C:\Program Files\iPod
2008-02-23 19:24 . 2008-02-23 19:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 19:24 . 2008-02-23 19:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-22 19:17 . 2008-02-23 17:49 1,734 ---hs---- C:\WINDOWS\system32\utejfpxm.ini
2008-02-21 19:20 . 2008-02-22 19:07 1,014 ---hs---- C:\WINDOWS\system32\miwuyayp.ini
2008-02-20 21:07 . 2008-02-20 21:07 <DIR> d-------- C:\Documents and Settings\Hulya Kurshat\Application Data\Bitdefender
2008-02-20 20:31 . 2008-02-20 20:31 <DIR> d-------- C:\Program Files\Softwin
2008-02-20 19:18 . 2008-02-21 19:18 654 ---hs---- C:\WINDOWS\system32\bpatptmh.ini
2008-02-12 11:36 . 2008-02-14 12:21 <DIR> d-------- C:\Program Files\Incomplete
2008-02-09 08:06 . 2008-03-01 16:04 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-09 08:00 . 2008-02-20 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-09 07:57 . 2008-02-29 19:04 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-02-08 17:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-08 17:55 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-08 17:55 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-02-08 17:55 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-02-08 17:55 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-02-08 17:55 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-08 17:55 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-02-08 17:55 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 13:15 --------- d-----w C:\Program Files\QuickTime
2008-02-29 19:03 --------- d-----w C:\Program Files\Alcohol 120
2008-02-27 22:08 --------- d-----w C:\Program Files\AOL 9.0
2008-02-27 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-25 19:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-25 11:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Symantec
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-23 21:17 --------- d-----w C:\Program Files\iTunes
2008-02-22 19:16 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\LimeWire
2008-02-22 19:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-21 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smilebox
2008-02-20 23:23 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2008-02-16 19:53 --------- d-----w C:\Program Files\mIRC
2008-02-14 22:33 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\ZoomBrowser EX
2008-02-14 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-14 12:15 --------- d-----w C:\Program Files\LimeWire
2008-02-12 07:35 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Ford Error Hide
2008-02-12 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\size draw rule 2
2008-02-12 02:18 --------- d-----w C:\Program Files\Apoint
2008-02-08 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 17:56 --------- d-----w C:\Program Files\InterVideo
2008-02-08 17:56 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-08 17:55 10,368 ----a-w C:\WINDOWS\system32\drivers\iviaspi.sys
2008-02-04 19:36 --------- d-----w C:\Program Files\McGraw-Hill
2008-02-01 22:26 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Azureus
2008-01-01 14:27 --------- d-----w C:\Program Files\Games
2008-01-01 13:34 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-01 13:34 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-01 13:21 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-01 12:46 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Sony Corporation
2007-12-30 19:24 168 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-10-16 15:14 70,816 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\GDIPFONTCACHEV1.DAT
.
<pre>
----a-w		   290,816 2008-02-29 19:03:52  C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\bdmcon .exe
----a-w		   483,328 2008-02-11 22:52:08  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w			63,712 2008-02-11 22:52:15  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w			57,344 2007-12-31 07:56:00  C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy .exe
----a-w			39,792 2008-02-28 19:11:40  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   118,784 2008-02-11 22:51:57  C:\Program Files\Apoint\Apoint .exe
----a-w			50,736 2008-02-11 22:52:27  C:\Program Files\Common Files\AOL\1173038790\ee\AOLSoftware .exe
----a-w			71,216 2008-02-11 22:52:09  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
----a-w			52,848 2008-02-23 19:42:32  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   143,360 2008-02-11 22:52:00  C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif .exe
----a-w		   267,048 2008-02-23 19:42:35  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2008-02-11 22:52:14  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   385,024 2008-02-23 21:19:52  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   385,024 2008-02-23 21:19:52  C:\Program Files\QuickTime\qttask									.exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   385,024 2008-02-22 23:06:16  C:\Program Files\QuickTime\qttask								.exe
----a-w		   385,024 2008-02-22 23:06:16  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   385,024 2008-02-21 00:25:23  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask							.exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask						.exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask					.exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask				.exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   385,024 2008-02-20 23:17:45  C:\Program Files\QuickTime\qttask			.exe
----a-w		   385,024 2008-02-20 23:17:45  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   760,320 2008-03-01 08:09:35  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   385,024 2008-02-29 20:22:32  C:\Program Files\QuickTime\qttask		.exe
----a-w		   385,024 2008-02-29 20:22:32  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	.exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask   .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask  .exe
----a-w		   385,024 2008-02-29 20:22:34  C:\Program Files\QuickTime\qttask .exe
----a-w			26,112 2008-02-11 22:52:11  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w			69,632 2008-02-29 19:09:06  C:\Program Files\Softwin\BitDefender10\bdagent .exe
----a-w		   290,816 2008-02-29 19:09:06  C:\Program Files\Softwin\BitDefender10\bdmcon .exe
----a-w			29,696 2008-02-11 22:52:02  C:\Program Files\Sony\AppMonUtil\AppMonUtility .exe
----a-w			32,768 2008-02-11 22:51:59  C:\Program Files\Sony\ISB Utility\ISBMgr .exe
----a-w			69,632 2008-02-11 22:51:58  C:\Program Files\Sony\VAIO Camera Utility\VCUServe .exe
----a-w		   217,088 2008-02-11 22:51:59  C:\Program Files\Sony\VAIO Power Management\SPMgr .exe
----a-w		   546,936 2008-02-11 22:52:13  C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe
----a-w		   176,128 2008-02-11 22:52:00  C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher .exe
----a-w			59,392 2008-02-20 23:23:07  C:\WINDOWS\ehome\ehtray .exe
----a-w			15,360 2008-02-20 23:23:16  C:\WINDOWS\system32\ctfmon .exe
----a-w		   127,036 2008-02-11 22:52:05  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"road draw"="C:\DOCUME~1\HULYAK~1\APPLIC~1\FORDER~1\DVD OPTION START.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-06 02:36 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-06 02:36 7561216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [ ]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-03-04 15:38:54 156784]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-03-04 15:39:48 250992]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 21:19:10 1753088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 16:26]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
R3 5U870CAP_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2 ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-30 08:27]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-07-26 07:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 09:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-04-23 13:29]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 18:10]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 16:23]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 16:05:29
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-01 16:06:04
ComboFix-quarantined-files.txt 2008-03-01 16:05:56
ComboFix2.txt 2008-03-01 13:21:49
.
2008-02-13 12:04:18 --- E O F ---

#4
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\utejfpxm.ini
C:\WINDOWS\system32\miwuyayp.ini
C:\WINDOWS\system32\bpatptmh.ini

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Hulya Kurshat\Application Data\Ford Error Hide
C:\Documents and Settings\All Users\Application Data\size draw rule 2

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"road draw"=-

RenV::
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\bdmcon .exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\Common Files\AOL\1173038790\ee\AOLSoftware .exe
C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\QuickTime\qttask									 .exe
C:\Program Files\QuickTime\qttask									.exe
C:\Program Files\QuickTime\qttask								   .exe
C:\Program Files\QuickTime\qttask								  .exe
C:\Program Files\QuickTime\qttask								 .exe
C:\Program Files\QuickTime\qttask								.exe
C:\Program Files\QuickTime\qttask							   .exe
C:\Program Files\QuickTime\qttask							  .exe
C:\Program Files\QuickTime\qttask							 .exe
C:\Program Files\QuickTime\qttask							.exe
C:\Program Files\QuickTime\qttask						   .exe
C:\Program Files\QuickTime\qttask						  .exe
C:\Program Files\QuickTime\qttask						 .exe
C:\Program Files\QuickTime\qttask						.exe
C:\Program Files\QuickTime\qttask					   .exe
C:\Program Files\QuickTime\qttask					  .exe
C:\Program Files\QuickTime\qttask					 .exe
C:\Program Files\QuickTime\qttask					.exe
C:\Program Files\QuickTime\qttask				   .exe
C:\Program Files\QuickTime\qttask				  .exe
C:\Program Files\QuickTime\qttask				 .exe
C:\Program Files\QuickTime\qttask				.exe
C:\Program Files\QuickTime\qttask			   .exe
C:\Program Files\QuickTime\qttask			  .exe
C:\Program Files\QuickTime\qttask			 .exe
C:\Program Files\QuickTime\qttask			.exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Softwin\BitDefender10\bdagent .exe
C:\Program Files\Softwin\BitDefender10\bdmcon .exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility .exe
C:\Program Files\Sony\ISB Utility\ISBMgr .exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe .exe
C:\Program Files\Sony\VAIO Power Management\SPMgr .exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\DLA\DLACTRLW .EXE


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

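The ComboFix log posted above lists executables whose file name has whitespace before the extension, and one Run value (`QuickTime Task`) points at such a name. The following is an added example, not part of the thread and not ComboFix code, that triages a log of this shape for that pattern; the function names and the sample (a few lines taken from the log, with whitespace runs approximated) are assumptions made for illustration.

```python
import ntpath
import re
from collections import defaultdict

# Base name with spaces/tabs directly before the final extension, e.g. "qttask .exe".
PADDED = re.compile(r"^(?P<stem>.*\S)[ \t]+(?P<ext>\.[A-Za-z0-9]{1,4})$")
# Autostart line as printed under "Reg Loading Points": "ValueName"="C:\path" [...]
RUN_VALUE = re.compile(r'^"(?P<name>[^"]+)"="(?P<path>[A-Za-z]:\\[^"]+)"')
# File listing line: the path runs from the drive letter to the end of the line.
LISTED_PATH = re.compile(r"[A-Za-z]:\\.+$")

# Constructed sample built from lines in the log above (whitespace runs approximated).
SAMPLE_LOG = "\n".join([
    r"----a-w   483,328 2008-02-11 22:52:08  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe",
    r"----a-w   385,024 2008-02-20 23:17:45  C:\Program Files\QuickTime\qttask" + "\t\t   .exe",
    r"----a-w   760,320 2008-03-01 08:09:35  C:\Program Files\QuickTime\qttask" + "\t\t .exe",
    r"----a-w   385,024 2008-02-29 20:22:34  C:\Program Files\QuickTime\qttask .exe",
    r"----a-w    15,360 2008-02-20 23:23:16  C:\WINDOWS\system32\ctfmon .exe",
    r"2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll",
    r'"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]',
    r'"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]',
    r'"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]',
])


def normalise(path):
    """Return (lower-cased path with the padding removed, was_padded)."""
    folder, base = ntpath.split(path)
    match = PADDED.match(base)
    if match:
        base = match.group("stem") + match.group("ext")
    return ntpath.join(folder, base).lower(), bool(match)


def triage(log_text):
    """Group padded file names by the clean name they shadow and tie them to autostarts."""
    variants = defaultdict(set)   # clean path -> distinct padded names listed in the log
    autostart = []                # (value name, clean path, value itself is padded?)
    for line in log_text.splitlines():
        run = RUN_VALUE.match(line.strip())
        if run:
            clean, padded = normalise(run.group("path"))
            autostart.append((run.group("name"), clean, padded))
            continue
        listed = LISTED_PATH.search(line.rstrip())
        if listed:
            clean, padded = normalise(listed.group(0))
            if padded:
                variants[clean].add(listed.group(0))

    findings = []
    for clean, names in sorted(variants.items()):
        refs = [entry for entry in autostart if entry[1] == clean]
        findings.append({
            "clean_path": clean,
            "padded_copies": len(names),
            "autostart_values": sorted(entry[0] for entry in refs),
            # True when a Run value launches the padded name rather than the clean one.
            "autostart_points_at_padded": any(entry[2] for entry in refs),
        })
    return findings


if __name__ == "__main__":
    for finding in triage(SAMPLE_LOG):
        print(finding)
```

Run against a full saved log, the entries where `autostart_points_at_padded` is true are the ones to check first, since the autostart value itself has been changed to launch the padded name.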

#5
alibaba13

    New Member

  • Topic Starter
  • Member
  • 9 posts
Hi, thanks for the tip. However, I still have the incorrect icon on the hard drive.
This is the log below. Sorry, but where do I find the HijackThis log? Thanks


ComboFix 08-03-01 - Hulya Kurshat 2008-03-03 21:35:53.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1363 [GMT 0:00]
Running from: C:\Documents and Settings\Hulya Kurshat\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hulya Kurshat\My Documents\CFScript.txt
* Created a new restore point
WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((( Files Created from 2008-02-03 to 2008-03-03 )))))))))))))))))))))))))))))))
.

2008-02-27 22:07 . 2008-02-27 22:07 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-26 23:34 . 2008-02-26 23:34 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-25 19:18 . 2008-02-29 19:27 99,463 --a------ C:\WINDOWS\BM5796bdc3.xml
2008-02-25 19:18 . 2008-02-29 19:41 21 --a------ C:\WINDOWS\pskt.ini
2008-02-23 19:24 . 2008-02-23 19:24 <DIR> d-------- C:\Program Files\iPod
2008-02-23 19:24 . 2008-02-23 19:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 19:24 . 2008-02-23 19:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-22 19:17 . 2008-02-23 17:49 1,734 ---hs---- C:\WINDOWS\system32\utejfpxm.ini
2008-02-21 19:20 . 2008-02-22 19:07 1,014 ---hs---- C:\WINDOWS\system32\miwuyayp.ini
2008-02-20 21:07 . 2008-02-20 21:07 <DIR> d-------- C:\Documents and Settings\Hulya Kurshat\Application Data\Bitdefender
2008-02-20 20:31 . 2008-02-20 20:31 <DIR> d-------- C:\Program Files\Softwin
2008-02-20 19:18 . 2008-02-21 19:18 654 ---hs---- C:\WINDOWS\system32\bpatptmh.ini
2008-02-12 11:36 . 2008-02-14 12:21 <DIR> d-------- C:\Program Files\Incomplete
2008-02-09 08:06 . 2008-03-03 21:33 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-09 08:00 . 2008-02-20 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-09 07:57 . 2008-02-29 19:04 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-02-08 17:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-08 17:55 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-08 17:55 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-02-08 17:55 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-02-08 17:55 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-02-08 17:55 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-08 17:55 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-02-08 17:55 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 13:15 --------- d-----w C:\Program Files\QuickTime
2008-02-29 19:03 --------- d-----w C:\Program Files\Alcohol 120
2008-02-27 22:08 --------- d-----w C:\Program Files\AOL 9.0
2008-02-27 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-25 19:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-25 11:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Symantec
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-23 21:17 --------- d-----w C:\Program Files\iTunes
2008-02-22 19:16 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\LimeWire
2008-02-22 19:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-21 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smilebox
2008-02-20 23:23 15,360 ----a-w C:\WINDOWS\system32\ctfmon .exe
2008-02-16 19:53 --------- d-----w C:\Program Files\mIRC
2008-02-14 22:33 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\ZoomBrowser EX
2008-02-14 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-14 12:15 --------- d-----w C:\Program Files\LimeWire
2008-02-12 07:35 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Ford Error Hide
2008-02-12 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\size draw rule 2
2008-02-12 02:18 --------- d-----w C:\Program Files\Apoint
2008-02-08 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 17:56 --------- d-----w C:\Program Files\InterVideo
2008-02-08 17:56 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-08 17:55 10,368 ----a-w C:\WINDOWS\system32\drivers\iviaspi.sys
2008-02-04 19:36 --------- d-----w C:\Program Files\McGraw-Hill
2008-02-01 22:26 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Azureus
2007-12-30 19:24 168 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-12-04 18:38 550,912 ----a-w C:\WINDOWS\system32\oleaut32.dll
2007-10-16 15:14 70,816 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\GDIPFONTCACHEV1.DAT
.
<pre>
----a-w		   290,816 2008-02-29 19:03:52  C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\bdmcon .exe
----a-w		   483,328 2008-02-11 22:52:08  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w			63,712 2008-02-11 22:52:15  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w			57,344 2007-12-31 07:56:00  C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy .exe
----a-w			39,792 2008-02-28 19:11:40  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   118,784 2008-02-11 22:51:57  C:\Program Files\Apoint\Apoint .exe
----a-w			50,736 2008-02-11 22:52:27  C:\Program Files\Common Files\AOL\1173038790\ee\AOLSoftware .exe
----a-w			71,216 2008-02-11 22:52:09  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
----a-w			52,848 2008-02-23 19:42:32  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   143,360 2008-02-11 22:52:00  C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif .exe
----a-w		   267,048 2008-02-23 19:42:35  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2008-02-11 22:52:14  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   385,024 2008-02-23 21:19:52  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   385,024 2008-02-23 21:19:52  C:\Program Files\QuickTime\qttask									.exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   385,024 2008-02-22 23:06:16  C:\Program Files\QuickTime\qttask								.exe
----a-w		   385,024 2008-02-22 23:06:16  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   385,024 2008-02-21 00:25:23  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask							.exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask						.exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask					.exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask				.exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   385,024 2008-02-20 23:17:45  C:\Program Files\QuickTime\qttask			.exe
----a-w		   385,024 2008-02-20 23:17:45  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   760,320 2008-03-01 08:09:35  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   385,024 2008-02-29 20:22:32  C:\Program Files\QuickTime\qttask		.exe
----a-w		   385,024 2008-02-29 20:22:32  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	.exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask   .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask  .exe
----a-w		   385,024 2008-02-29 20:22:34  C:\Program Files\QuickTime\qttask .exe
----a-w			26,112 2008-02-11 22:52:11  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w			69,632 2008-02-29 19:09:06  C:\Program Files\Softwin\BitDefender10\bdagent .exe
----a-w		   290,816 2008-02-29 19:09:06  C:\Program Files\Softwin\BitDefender10\bdmcon .exe
----a-w			29,696 2008-02-11 22:52:02  C:\Program Files\Sony\AppMonUtil\AppMonUtility .exe
----a-w			32,768 2008-02-11 22:51:59  C:\Program Files\Sony\ISB Utility\ISBMgr .exe
----a-w			69,632 2008-02-11 22:51:58  C:\Program Files\Sony\VAIO Camera Utility\VCUServe .exe
----a-w		   217,088 2008-02-11 22:51:59  C:\Program Files\Sony\VAIO Power Management\SPMgr .exe
----a-w		   546,936 2008-02-11 22:52:13  C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe
----a-w		   176,128 2008-02-11 22:52:00  C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher .exe
----a-w			59,392 2008-02-20 23:23:07  C:\WINDOWS\ehome\ehtray .exe
----a-w			15,360 2008-02-20 23:23:16  C:\WINDOWS\system32\ctfmon .exe
----a-w		   127,036 2008-02-11 22:52:05  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"road draw"="C:\DOCUME~1\HULYAK~1\APPLIC~1\FORDER~1\DVD OPTION START.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-06 02:36 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-06 02:36 7561216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [ ]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-03-04 15:38:54 156784]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-03-04 15:39:48 250992]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 21:19:10 1753088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 16:26]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
R3 5U870CAP_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2 ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-30 08:27]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-07-26 07:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 09:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-04-23 13:29]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 18:10]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 16:23]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-03 21:37:51
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-03-03 21:38:29
ComboFix-quarantined-files.txt 2008-03-03 21:38:21
ComboFix2.txt 2008-03-01 16:06:05
ComboFix3.txt 2008-03-01 13:21:49
.
2008-02-13 12:04:18 --- E O F ---

#6
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Please delete your current copy of Combofix and download a new version from:
http://subs.geekstogo.com/ComboFix.exe

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\utejfpxm.ini
C:\WINDOWS\system32\miwuyayp.ini
C:\WINDOWS\system32\bpatptmh.ini

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Hulya Kurshat\Application Data\Ford Error Hide
C:\Documents and Settings\All Users\Application Data\size draw rule 2

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"road draw"=-

RenV::
C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\bdmcon .exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy .exe
C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
C:\Program Files\Apoint\Apoint .exe
C:\Program Files\Common Files\AOL\1173038790\ee\AOLSoftware .exe
C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
C:\Program Files\Common Files\Symantec Shared\ccApp .exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif .exe
C:\Program Files\iTunes\iTunesHelper .exe
C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
C:\Program Files\QuickTime\qttask									 .exe
C:\Program Files\QuickTime\qttask									.exe
C:\Program Files\QuickTime\qttask								   .exe
C:\Program Files\QuickTime\qttask								  .exe
C:\Program Files\QuickTime\qttask								 .exe
C:\Program Files\QuickTime\qttask								.exe
C:\Program Files\QuickTime\qttask							   .exe
C:\Program Files\QuickTime\qttask							  .exe
C:\Program Files\QuickTime\qttask							 .exe
C:\Program Files\QuickTime\qttask							.exe
C:\Program Files\QuickTime\qttask						   .exe
C:\Program Files\QuickTime\qttask						  .exe
C:\Program Files\QuickTime\qttask						 .exe
C:\Program Files\QuickTime\qttask						.exe
C:\Program Files\QuickTime\qttask					   .exe
C:\Program Files\QuickTime\qttask					  .exe
C:\Program Files\QuickTime\qttask					 .exe
C:\Program Files\QuickTime\qttask					.exe
C:\Program Files\QuickTime\qttask				   .exe
C:\Program Files\QuickTime\qttask				  .exe
C:\Program Files\QuickTime\qttask				 .exe
C:\Program Files\QuickTime\qttask				.exe
C:\Program Files\QuickTime\qttask			   .exe
C:\Program Files\QuickTime\qttask			  .exe
C:\Program Files\QuickTime\qttask			 .exe
C:\Program Files\QuickTime\qttask			.exe
C:\Program Files\QuickTime\qttask		   .exe
C:\Program Files\QuickTime\qttask		  .exe
C:\Program Files\QuickTime\qttask		 .exe
C:\Program Files\QuickTime\qttask		.exe
C:\Program Files\QuickTime\qttask	   .exe
C:\Program Files\QuickTime\qttask	  .exe
C:\Program Files\QuickTime\qttask	 .exe
C:\Program Files\QuickTime\qttask	.exe
C:\Program Files\QuickTime\qttask   .exe
C:\Program Files\QuickTime\qttask  .exe
C:\Program Files\QuickTime\qttask .exe
C:\Program Files\Real\RealPlayer\RealPlay .exe
C:\Program Files\Softwin\BitDefender10\bdagent .exe
C:\Program Files\Softwin\BitDefender10\bdmcon .exe
C:\Program Files\Sony\AppMonUtil\AppMonUtility .exe
C:\Program Files\Sony\ISB Utility\ISBMgr .exe
C:\Program Files\Sony\VAIO Camera Utility\VCUServe .exe
C:\Program Files\Sony\VAIO Power Management\SPMgr .exe
C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe
C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher .exe
C:\WINDOWS\ehome\ehtray .exe
C:\WINDOWS\system32\ctfmon .exe
C:\WINDOWS\system32\DLA\DLACTRLW .EXE


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#7
alibaba13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi again,
I have tried this, yet the same problem persists.

ComboFix 08-03-01 - Hulya Kurshat 2008-03-01 13:13:22.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1436 [GMT 0:00]
Running from: C:\Documents and Settings\Hulya Kurshat\My Documents\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Hulya Kurshat\Application Data\macromedia\Flash Player\#SharedObjects\YZMB2W34\iforex.com
C:\Documents and Settings\Hulya Kurshat\Application Data\macromedia\Flash Player\#SharedObjects\YZMB2W34\iforex.com\Emerp\Events\flash_object.swf\user_data.sol
C:\Documents and Settings\Hulya Kurshat\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com
C:\Documents and Settings\Hulya Kurshat\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#iforex.com\settings.sol
C:\Program Files\QuickTime\qttask .exe
C:\WINDOWS\cookies.ini
C:\WINDOWS\system32\aoaljric.ini
C:\WINDOWS\system32\atmxbbaf.dll
C:\WINDOWS\system32\auuvtupl.ini
C:\WINDOWS\system32\cvkhwctx.ini
C:\WINDOWS\system32\hmypnbko.dll
C:\WINDOWS\system32\jmxqhwvt.dll
C:\WINDOWS\system32\ljxcvxsk.ini
C:\WINDOWS\system32\mcrh.tmp
C:\WINDOWS\system32\mllmn.dll
C:\WINDOWS\system32\mllmn.exe
C:\WINDOWS\system32\mllscbms.ini
C:\WINDOWS\system32\nmllm.ini
C:\WINDOWS\system32\nmllm.ini2
C:\WINDOWS\system32\oxpixbit.dll
C:\WINDOWS\system32\qnjoqnjx.dll
C:\WINDOWS\system32\qnjoqnjx.dllbox
C:\WINDOWS\system32\qqfohjbv.dll
C:\WINDOWS\system32\rjqawdgw.ini
C:\WINDOWS\system32\roqridpx.ini
C:\WINDOWS\system32\tibxipxo.ini
C:\WINDOWS\system32\vmlwqhsr.dll
C:\WINDOWS\system32\windows

.
((((((((((((((((((((((((( Files Created from 2008-02-01 to 2008-03-01 )))))))))))))))))))))))))))))))
.

2008-02-27 22:07 . 2008-02-27 22:07 <DIR> d-------- C:\Program Files\Viewpoint
2008-02-26 23:34 . 2008-02-26 23:34 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-25 19:18 . 2008-02-29 19:27 99,463 --a------ C:\WINDOWS\BM5796bdc3.xml
2008-02-25 19:18 . 2008-02-29 19:41 21 --a------ C:\WINDOWS\pskt.ini
2008-02-23 19:24 . 2008-02-23 19:24 <DIR> d-------- C:\Program Files\iPod
2008-02-23 19:24 . 2008-02-23 19:42 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 19:24 . 2008-02-23 19:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-22 19:17 . 2008-02-23 17:49 1,734 ---hs---- C:\WINDOWS\system32\utejfpxm.ini
2008-02-21 19:20 . 2008-02-22 19:07 1,014 ---hs---- C:\WINDOWS\system32\miwuyayp.ini
2008-02-20 21:07 . 2008-02-20 21:07 <DIR> d-------- C:\Documents and Settings\Hulya Kurshat\Application Data\Bitdefender
2008-02-20 20:31 . 2008-02-20 20:31 <DIR> d-------- C:\Program Files\Softwin
2008-02-20 19:18 . 2008-02-21 19:18 654 ---hs---- C:\WINDOWS\system32\bpatptmh.ini
2008-02-12 11:36 . 2008-02-14 12:21 <DIR> d-------- C:\Program Files\Incomplete
2008-02-09 08:06 . 2008-03-01 13:16 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-09 08:00 . 2008-02-20 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-09 07:57 . 2008-02-29 19:04 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-02-08 17:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-08 17:55 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-08 17:55 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-02-08 17:55 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-02-08 17:55 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-02-08 17:55 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-08 17:55 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-02-08 17:55 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-01 13:15 --------- d-----w C:\Program Files\QuickTime
2008-02-29 19:03 --------- d-----w C:\Program Files\Alcohol 120
2008-02-27 22:08 --------- d-----w C:\Program Files\AOL 9.0
2008-02-27 22:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\Viewpoint
2008-02-25 19:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-25 11:02 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Symantec
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-23 21:17 --------- d-----w C:\Program Files\iTunes
2008-02-22 19:16 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\LimeWire
2008-02-22 19:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-21 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smilebox
2008-02-16 19:53 --------- d-----w C:\Program Files\mIRC
2008-02-14 22:33 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\ZoomBrowser EX
2008-02-14 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-14 12:15 --------- d-----w C:\Program Files\LimeWire
2008-02-12 07:35 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Ford Error Hide
2008-02-12 07:34 --------- d-----w C:\Documents and Settings\All Users\Application Data\size draw rule 2
2008-02-12 02:18 --------- d-----w C:\Program Files\Apoint
2008-02-08 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 17:56 --------- d-----w C:\Program Files\InterVideo
2008-02-08 17:56 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-08 17:55 10,368 ----a-w C:\WINDOWS\system32\drivers\iviaspi.sys
2008-02-04 19:36 --------- d-----w C:\Program Files\McGraw-Hill
2008-02-01 22:26 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Azureus
2008-01-01 14:27 --------- d-----w C:\Program Files\Games
2008-01-01 13:34 278,728 ----a-w C:\WINDOWS\system32\drivers\atksgt.sys
2008-01-01 13:34 25,416 ----a-w C:\WINDOWS\system32\drivers\lirsgt.sys
2008-01-01 13:21 715,248 ----a-w C:\WINDOWS\system32\drivers\sptd.sys
2008-01-01 12:46 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Sony Corporation
2007-12-30 19:24 168 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\wklnhst.dat
2007-10-16 15:14 70,816 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\GDIPFONTCACHEV1.DAT
.
<pre>
----a-w		   290,816 2008-02-29 19:03:52  C:\Documents and Settings\All Users\Application Data\BitDefender\Desktop\Quarantine\bdmcon .exe
----a-w		   483,328 2008-02-11 22:52:08  C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray .exe
----a-w			63,712 2008-02-11 22:52:15  C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy .exe
----a-w			57,344 2007-12-31 07:56:00  C:\Program Files\Adobe\Photoshop Elements 4.0\apdproxy .exe
----a-w			39,792 2008-02-28 19:11:40  C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl .exe
----a-w		   118,784 2008-02-11 22:51:57  C:\Program Files\Apoint\Apoint .exe
----a-w			50,736 2008-02-11 22:52:27  C:\Program Files\Common Files\AOL\1173038790\ee\AOLSoftware .exe
----a-w			71,216 2008-02-11 22:52:09  C:\Program Files\Common Files\AOL\ACS\AOLDial .exe
----a-w			52,848 2008-02-23 19:42:32  C:\Program Files\Common Files\Symantec Shared\ccApp .exe
----a-w		   143,360 2008-02-11 22:52:00  C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif .exe
----a-w		   267,048 2008-02-23 19:42:35  C:\Program Files\iTunes\iTunesHelper .exe
----a-w			36,975 2008-02-11 22:52:14  C:\Program Files\Java\jre1.5.0_06\bin\jusched .exe
----a-w		   385,024 2008-02-23 21:19:52  C:\Program Files\QuickTime\qttask									 .exe
----a-w		   385,024 2008-02-23 21:19:52  C:\Program Files\QuickTime\qttask									.exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								   .exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								  .exe
----a-w		   385,024 2008-02-22 23:06:15  C:\Program Files\QuickTime\qttask								 .exe
----a-w		   385,024 2008-02-22 23:06:16  C:\Program Files\QuickTime\qttask								.exe
----a-w		   385,024 2008-02-22 23:06:16  C:\Program Files\QuickTime\qttask							   .exe
----a-w		   385,024 2008-02-21 00:25:23  C:\Program Files\QuickTime\qttask							  .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask							 .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask							.exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask						   .exe
----a-w		   385,024 2008-02-20 23:17:41  C:\Program Files\QuickTime\qttask						  .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask						 .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask						.exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask					   .exe
----a-w		   385,024 2008-02-20 23:17:42  C:\Program Files\QuickTime\qttask					  .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask					 .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask					.exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask				   .exe
----a-w		   385,024 2008-02-20 23:17:43  C:\Program Files\QuickTime\qttask				  .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask				 .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask				.exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			   .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			  .exe
----a-w		   385,024 2008-02-20 23:17:44  C:\Program Files\QuickTime\qttask			 .exe
----a-w		   385,024 2008-02-20 23:17:45  C:\Program Files\QuickTime\qttask			.exe
----a-w		   385,024 2008-02-20 23:17:45  C:\Program Files\QuickTime\qttask		   .exe
----a-w		   760,320 2008-03-01 08:09:35  C:\Program Files\QuickTime\qttask		 .exe
----a-w		   385,024 2008-02-29 20:22:32  C:\Program Files\QuickTime\qttask		.exe
----a-w		   385,024 2008-02-29 20:22:32  C:\Program Files\QuickTime\qttask	   .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	  .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	 .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask	.exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask   .exe
----a-w		   385,024 2008-02-29 20:22:33  C:\Program Files\QuickTime\qttask  .exe
----a-w		   385,024 2008-02-29 20:22:34  C:\Program Files\QuickTime\qttask .exe
----a-w			26,112 2008-02-11 22:52:11  C:\Program Files\Real\RealPlayer\RealPlay .exe
----a-w			69,632 2008-02-29 19:09:06  C:\Program Files\Softwin\BitDefender10\bdagent .exe
----a-w		   290,816 2008-02-29 19:09:06  C:\Program Files\Softwin\BitDefender10\bdmcon .exe
----a-w			29,696 2008-02-11 22:52:02  C:\Program Files\Sony\AppMonUtil\AppMonUtility .exe
----a-w			32,768 2008-02-11 22:51:59  C:\Program Files\Sony\ISB Utility\ISBMgr .exe
----a-w			69,632 2008-02-11 22:51:58  C:\Program Files\Sony\VAIO Camera Utility\VCUServe .exe
----a-w		   217,088 2008-02-11 22:51:59  C:\Program Files\Sony\VAIO Power Management\SPMgr .exe
----a-w		   546,936 2008-02-11 22:52:13  C:\Program Files\Sony\VAIO Update 3\VAIOUpdt .exe
----a-w		   176,128 2008-02-11 22:52:00  C:\Program Files\Sony\Wireless Switch Setting Utility\Switcher .exe
----a-w			59,392 2008-02-20 23:23:07  C:\WINDOWS\ehome\ehtray .exe
----a-w			15,360 2008-02-20 23:23:16  C:\WINDOWS\system32\ctfmon .exe
----a-w		   127,036 2008-02-11 22:52:05  C:\WINDOWS\system32\DLA\DLACTRLW .EXE
</pre>


-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 12:00 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"road draw"="C:\DOCUME~1\HULYAK~1\APPLIC~1\FORDER~1\DVD OPTION START.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-06 02:36 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-06 02:36 7561216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [ ]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [ ]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [ ]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [ ]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-10 12:00 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-03-04 15:38:54 156784]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-03-04 15:39:48 250992]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 21:19:10 1753088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 16:26]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
R3 5U870CAP_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2 ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-30 08:27]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-07-26 07:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 09:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-04-23 13:29]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 18:10]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 16:23]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-01 13:19:10
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Adobe\Photoshop Elements 4.0\PhotoshopElementsFileAgent.exe
C:\PROGRA~1\COMMON~1\AOL\ACS\AOLacsd.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\StacSV.exe
C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
C:\Program Files\Sony\VAIO Event Service\VESMgr.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VCSW\VCSW.exe
C:\WINDOWS\wanmpsvc.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\Program Files\Common Files\Softwin\BitDefender Communicator\xcommsvr.exe
C:\Program Files\Canon\CAL\CALMAIN.exe
C:\Program Files\Common Files\Softwin\BitDefender Update Service\livesrv.exe
C:\WINDOWS\ehome\mcrdsvc.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzCdbSvc.exe
C:\Program Files\Common Files\Softwin\BitDefender Scan Server\bdss.exe
C:\Program Files\Common Files\Sony Shared\VAIO Entertainment Platform\VzCdb\VzFw.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosA2dp.exe
C:\Program Files\Softwin\BitDefender10\vsserv.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHid.exe
C:\WINDOWS\system32\dllhost.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtHsp.exe
C:\WINDOWS\system32\imapi.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosOBEX.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\Toshiba\Bluetooth Toshiba Stack\tosBtProc.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-03-01 13:21:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-01 13:21:44
.
2008-02-13 12:04:18 --- E O F ---

#8
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
[quote name='Tigger93' date='Mar 3 2008, 04:31 PM' post='1180242']
Please delete your current copy of Combofix and download a new version from:
http://subs.geekstogo.com/ComboFix.exe

1. Please open Notepad
  • Click Start, then Run
  • Type notepad.exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

File::
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\utejfpxm.ini
C:\WINDOWS\system32\miwuyayp.ini
C:\WINDOWS\system32\bpatptmh.ini

Folder::
C:\Program Files\Viewpoint
C:\Documents and Settings\All Users\Application Data\Viewpoint
C:\Documents and Settings\Hulya Kurshat\Application Data\Ford Error Hide
C:\Documents and Settings\All Users\Application Data\size draw rule 2

Registry::
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"road draw"=-


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.


#9
alibaba13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi.
Thanks again, but still the icon hasn't been fixed!

ComboFix 08-03-05.1 - Hulya Kurshat 2008-03-05 19:43:44.5 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1324 [GMT 0:00]
Running from: C:\Documents and Settings\Hulya Kurshat\My Documents\ComboFix.exe
Command switches used :: C:\Documents and Settings\Hulya Kurshat\My Documents\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\BM5796bdc3.xml
C:\WINDOWS\pskt.ini
C:\WINDOWS\system32\bpatptmh.ini
C:\WINDOWS\system32\miwuyayp.ini
C:\WINDOWS\system32\utejfpxm.ini
.
The following files were disabled during the run:
C:\WINDOWS\system32\sockspy.dll


((((((((((((((((((((((((( Files Created from 2008-02-05 to 2008-03-05 )))))))))))))))))))))))))))))))
.

2008-02-26 23:34 . 2008-02-26 23:34 <DIR> d-------- C:\WINDOWS\McAfee.com
2008-02-23 19:24 . 2008-02-23 19:24 <DIR> d-------- C:\Program Files\iPod
2008-02-23 19:24 . 2008-03-05 19:31 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-02-23 19:24 . 2008-02-23 19:24 1,409 --a------ C:\WINDOWS\QTFont.for
2008-02-20 21:07 . 2008-02-20 21:07 <DIR> d-------- C:\Documents and Settings\Hulya Kurshat\Application Data\Bitdefender
2008-02-20 20:31 . 2008-02-20 20:31 <DIR> d-------- C:\Program Files\Softwin
2008-02-12 11:36 . 2008-02-14 12:21 <DIR> d-------- C:\Program Files\Incomplete
2008-02-09 08:06 . 2008-03-05 19:42 81,984 --a------ C:\WINDOWS\system32\bdod.bin
2008-02-09 08:00 . 2008-02-20 20:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\BitDefender
2008-02-09 07:57 . 2008-02-29 19:04 <DIR> d-------- C:\Program Files\Common Files\Softwin
2008-02-08 17:55 . 2006-11-29 13:06 3,426,072 --a------ C:\WINDOWS\system32\d3dx9_32.dll
2008-02-08 17:55 . 2007-01-24 15:27 255,848 --a------ C:\WINDOWS\system32\xactengine2_6.dll
2008-02-08 17:55 . 2006-12-08 12:02 251,672 --a------ C:\WINDOWS\system32\xactengine2_5.dll
2008-02-08 17:55 . 2006-09-28 16:05 237,848 --a------ C:\WINDOWS\system32\xactengine2_4.dll
2008-02-08 17:55 . 2006-07-28 09:30 236,824 --a------ C:\WINDOWS\system32\xactengine2_3.dll
2008-02-08 17:55 . 2006-09-28 16:04 68,888 --a------ C:\WINDOWS\system32\xinput1_3.dll
2008-02-08 17:55 . 2006-07-28 09:30 62,744 --a------ C:\WINDOWS\system32\xinput1_2.dll
2008-02-08 17:55 . 2007-01-08 15:30 15,128 --a------ C:\WINDOWS\system32\x3daudio1_1.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-04 19:38 --------- d-----w C:\Program Files\QuickTime
2008-03-04 19:38 --------- d-----w C:\Program Files\iTunes
2008-03-04 19:38 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-03-04 19:38 --------- d-----w C:\Program Files\Apoint
2008-02-29 19:03 --------- d-----w C:\Program Files\Alcohol 120
2008-02-27 22:08 --------- d-----w C:\Program Files\AOL 9.0
2008-02-25 19:09 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Symantec
2008-02-25 11:02 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-02-22 19:16 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\LimeWire
2008-02-22 19:13 --------- d-----w C:\Program Files\Windows Media Connect 2
2008-02-21 20:43 --------- d-----w C:\Documents and Settings\All Users\Application Data\Smilebox
2008-02-20 23:23 15,360 ----a-w C:\WINDOWS\system32\ctfmon.exe
2008-02-16 19:53 --------- d-----w C:\Program Files\mIRC
2008-02-14 22:33 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\ZoomBrowser EX
2008-02-14 22:19 --------- d-----w C:\Documents and Settings\All Users\Application Data\ZoomBrowser
2008-02-14 12:15 --------- d-----w C:\Program Files\LimeWire
2008-02-08 18:11 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-08 17:56 --------- d-----w C:\Program Files\InterVideo
2008-02-08 17:56 --------- d-----w C:\Program Files\Common Files\InterVideo
2008-02-08 17:55 10,368 ----a-w C:\WINDOWS\system32\drivers\iviaspi.sys
2008-02-04 19:36 --------- d-----w C:\Program Files\McGraw-Hill
2008-02-01 22:26 --------- d-----w C:\Documents and Settings\Hulya Kurshat\Application Data\Azureus
2007-12-30 19:24 168 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\wklnhst.dat
2007-12-07 02:21 824,832 ----a-w C:\WINDOWS\system32\wininet.dll
2007-10-16 15:14 70,816 ----a-w C:\Documents and Settings\Hulya Kurshat\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_19.45.32.07 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-03-05 19:31:33 16,384 ----atw C:\WINDOWS\Temp\Perflib_Perfdata_66c.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2008-02-20 23:23 15360]
"MsnMsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [ ]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [ ]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [ ]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-07-06 02:36 86016]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-07-06 02:36 7561216]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2004-08-10 04:04 59392]
"Mouse Suite 98 Daemon"="ICO.EXE" [2002-03-14 15:46 45056 C:\WINDOWS\system32\ico.exe]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-02-28 19:11 39792]
"BDMCon"="C:\Program Files\Softwin\BitDefender10\bdmcon.exe" [2008-02-29 19:09 290816]
"BDAgent"="C:\Program Files\Softwin\BitDefender10\bdagent.exe" [2008-02-29 19:09 69632]
"QuickTime Task"="C:\Program Files\QuickTime\qttask .exe" [ ]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-23 19:42 267048]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2008-02-20 23:23 15360]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
AOL 9.0 Tray Icon.lnk - C:\Program Files\AOL 9.0\aoltray.exe [2007-03-04 15:38:54 156784]
AOL Companion.lnk - C:\Program Files\AOL Companion\companion.exe [2007-03-04 15:39:48 250992]
Bluetooth Manager.lnk - C:\Program Files\Toshiba\Bluetooth Toshiba Stack\TosBtMng.exe [2006-02-02 21:19:10 1753088]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 00:01:04 83360]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\VESWinlogon]
VESWinlogon.dll 2006-03-09 13:51 73728 C:\WINDOWS\system32\VESWinlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=sockspy.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Adobe\\Photoshop Elements 4.0\\AdobePhotoshopElementsMediaServer.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\Common Files\\AOL\\ACS\\AOLacsd.exe"=
"C:\\Program Files\\AOL 9.0\\waol.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Sports Interactive\\Football Manager 2008\\fm.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 MSSQL$VAIO_VEDB;MSSQL$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlservr.exe [2002-12-17 16:26]
R2 regi;regi;C:\WINDOWS\system32\drivers\regi.sys [2007-04-17 20:09]
R3 5U870CAP_VID_1262&PID_25FD;Sony Visual Communication Camera VGP-VCC2 ;C:\WINDOWS\system32\Drivers\5U870CAP.sys [2006-06-30 08:27]
R3 AVerM115S;AVerM115S service;C:\WINDOWS\system32\DRIVERS\AVerM115S.sys [2006-07-26 07:13]
R3 SonyImgF;Sony Image Conversion Filter Driver;C:\WINDOWS\system32\DRIVERS\SonyImgF.sys [2006-03-06 09:39]
R3 ti21sony;ti21sony;C:\WINDOWS\system32\drivers\ti21sony.sys [2007-04-23 13:29]
S3 Image Converter video recording monitor for VAIO Entertainment;Image Converter video recording monitor for VAIO Entertainment;C:\Program Files\Sony\Image Converter 2\IcVzMon.exe [2005-07-14 18:10]
S3 MSControlService;Microsoft cache control;C:\WINDOWS\system32\windows []
S3 SQLAgent$VAIO_VEDB;SQLAgent$VAIO_VEDB;C:\Program Files\Microsoft SQL Server\MSSQL$VAIO_VEDB\Binn\sqlagent.EXE [2002-12-17 16:23]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-05 19:45:43
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet002\Services\MSControlService]
"ImagePath"="C:\WINDOWS\system32\windows"
.
Completion time: 2008-03-05 19:46:23
ComboFix-quarantined-files.txt 2008-03-05 19:46:14
ComboFix2.txt 2008-03-04 19:45:49
ComboFix3.txt 2008-03-03 21:38:30
ComboFix4.txt 2008-03-01 16:06:05
ComboFix5.txt 2008-03-01 13:21:49
.
2008-02-13 12:04:18 --- E O F ---
  • 0

#10
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hi.

You're going to have to be a little patient on the icon, we're working on it. :)

Go Start > Control Panel > Add/Remove Programs and uninstall:
LimeWire
Azureus


Delete these folders:
C:\Program Files\LimeWire\
C:\Program Files\Azureus\


Please download Malwarebytes' Anti-Malware from Here or Here

Double Click mbam-setup.exe to install the application.
  • Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select "Perform Quick Scan", then click Scan.
  • The scan may take some time to finish, so please be patient.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Make sure that everything is checked, and click Remove Selected.
  • When disinfection is completed, a log will open in Notepad and you may be prompted to Restart. (See Extra Note)
  • The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
  • Copy and paste the entire report in your next reply.
Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.
  • 0



#11
alibaba13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,
New problem - when I try to install the malware software, I get a warning... 'unable to register dll/OCX: Regsvr32 failed with exit code 0x3' and I cannot install it.
  • 0

#12
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Hm, quite odd.

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files, click YES
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot, simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
  • 0

#13
alibaba13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi, new problem lol.
Once I d/l it, I hit run, but get the following message - 'the procedure * could not be located in the DLL MSVBVM60.DLL'
  • 0

#14
Tigger93

    Trusted Helper

  • Retired Staff
  • 1,870 posts
Download this and put it in C:\Windows\System32 and try it.
  • 0

#15
alibaba13

    New Member

  • Topic Starter
  • Member
  • Pip
  • 9 posts
Hi,
I d/l that and reran VundoFix. However, after scanning it informs me there are no infected files on my system.
  • 0





