Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Trojan SPM/LX removal


  • This topic is locked This topic is locked

#1
Newidude

Newidude

    New Member

  • Member
  • Pip
  • 3 posts
Well this is the only name I could find on the virus anyway. It has taken over the desktop image with a blue screen with text saying that there is no way I can remove it. Cheeky bugger.
Ok so i tried the steps using Smitfraudfix.exe as instructed in other posts on this trojan but both times it only managed to clean me up for about 1 minute and then the desktop went back to the trojans one (mywallper) and the toolbar infected pop ups came back.
I did run Smitfraud in safemode but for some reason, even though my computer only has the one user profile (me as addminister), safe mode gave me the option to log in as admin or me. I had to go under me as this was the only place that let me have access to the Smitfraud exe I downloaded to the desktop. I just downloaded HJT and will post a log if you feel its needed.
Many thanks in advance as this ones got me beat.
I have since run Smitfraud again as admin in safe mode by putting it on a flash drive but only managed about 5 minutes of peace before it returned again and took over the desktop again. I am on a network but this is the main computer that connects dirrectly to the internet. Should I be running "Safe mode with networking" ?

HJT log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 12:29:40 PM, on 21/04/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16640)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
C:\WINDOWS\eHome\ehRecvr.exe
C:\WINDOWS\eHome\ehSched.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\Program Files\McAfee\MSK\MskSrver.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\PAStiSvc.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\wanmpsvc.exe
C:\WINDOWS\system32\SearchIndexer.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\data\database\bin\mysqld-nt.exe
C:\WINDOWS\system32\dllhost.exe
C:\WINDOWS\System32\svchost.exe
c:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\ehome\ehtray.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\WINDOWS\stsystra.exe
C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
C:\Program Files\Dell\Media Experience\DMXLauncher.exe
C:\WINDOWS\System32\DLA\DLACTRLW.EXE
C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe
C:\WINDOWS\eHome\ehmsas.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Real\RealPlayer\RealPlay.exe
C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe
C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe
C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe
C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
C:\Program Files\Brother\ControlCenter2\brctrcen.exe
C:\WINDOWS\syspyukrazv.exe
C:\WINDOWS\sysqkmwfedz.exe
C:\WINDOWS\sysrxmfdksp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Digital Line Detect\DLG.exe
C:\Program Files\Windows Desktop Search\WindowsSearch.exe
C:\WINDOWS\system32\SearchProtocolHost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R1 - HKLM\Software\Microsoft\Internet Explorer\Search,Default_Page_URL = www.google.com.au/ig/dell?hl=en&client=dell-row&channel=au&ibd=4070704
O1 - Hosts: 5.181.179.179 Grunty1
O1 - Hosts: 5.79.210.54 WINSV03
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Adobe Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Skype add-on (mastermind) - {22BF413B-C6D2-4d91-82A9-A0F997BA588C} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O2 - BHO: McAntiPhishingBHO - {377C180E-6F0E-4D4C-980F-F45BD3D40CF4} - c:\PROGRA~1\mcafee\msk\mcapbho.dll
O2 - BHO: DriveLetterAccess - {5CA3D70E-1895-11CF-8E15-001234567890} - C:\WINDOWS\System32\DLA\DLASHX_W.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan\scriptsn.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Browser Address Error Redirector - {CA6319C0-31B7-401E-A518-A07C3DB8F777} - C:\Program Files\BAE\BAE.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [ehTray] C:\WINDOWS\ehome\ehtray.exe
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [SigmatelSysTrayApp] stsystra.exe
O4 - HKLM\..\Run: [IAAnotif] C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe
O4 - HKLM\..\Run: [DMXLauncher] C:\Program Files\Dell\Media Experience\DMXLauncher.exe
O4 - HKLM\..\Run: [DLA] C:\WINDOWS\System32\DLA\DLACTRLW.EXE
O4 - HKLM\..\Run: [ISUSPM Startup] C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe -startup
O4 - HKLM\..\Run: [ISUSScheduler] "C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [RealTray] C:\Program Files\Real\RealPlayer\RealPlay.exe SYSTEMBOOTHIDEPLAYER
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe"
O4 - HKLM\..\Run: [Adobe Version Cue CS2] "C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [HPWQTOOLBOX] C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe "-i"
O4 - HKLM\..\Run: [SSBkgdUpdate] "C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" -Embedding -boot
O4 - HKLM\..\Run: [PaperPort PTD] C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe
O4 - HKLM\..\Run: [IndexSearch] C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe
O4 - HKLM\..\Run: [SetDefPrt] C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe
O4 - HKLM\..\Run: [ControlCenter2.0] C:\Program Files\Brother\ControlCenter2\brctrcen.exe /autorun
O4 - HKLM\..\Run: [mcagent_exe] C:\Program Files\McAfee.com\Agent\mcagent.exe /runkey
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}] "C:\WINDOWS\syspyukrazv.exe"
O4 - HKLM\..\Run: [{157627A6-2A10-4aa1-B97F-90B8DC6F24AC}] "C:\WINDOWS\sysqkmwfedz.exe"
O4 - HKLM\..\Run: [{E4785213-3EFE-4c26-A9B4-332440E31F6F}] "C:\WINDOWS\sysrxmfdksp.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Digital Line Detect.lnk = ?
O4 - Global Startup: Microsoft Office.lnk = C:\Program Files\Microsoft Office\Office10\OSA.EXE
O4 - Global Startup: VPN Client.lnk = ?
O4 - Global Startup: Windows Desktop Search.lnk = C:\Program Files\Windows Desktop Search\WindowsSearch.exe
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert to existing PDF - res://C:\Program Files\Adobe\Adobe Acrobat 7.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Skype - {77BF5300-1474-4EC7-9980-D32B190E9B07} - C:\Program Files\Skype\Toolbars\Internet Explorer\SkypeIEPlugin.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: Real.com - {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - C:\WINDOWS\system32\Shdocvw.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.mi...b?1184123828953
O16 - DPF: {79D6214F-CFCE-480F-9901-27950E78F1E6} (WebCacheCleaner Class) - https://ausra.dyndns...acheCleaner.cab
O16 - DPF: {D27CDB6E-AE6D-11CF-96B8-444553540000} (Shockwave Flash Object) - http://fpdownload2.m...ash/swflash.cab
O16 - DPF: {DD5E6739-FDD6-4542-8940-4A4B8AB5276E} (NGVPLaunch Class) - https://ausra.dyndns...NGVPNTunnel.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: GoToAssist Express Customer - C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Adobe Version Cue CS2 - Adobe Systems Incorporated - C:\Program Files\Adobe\Adobe Version Cue CS2\bin\VersionCueCS2.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Unknown owner - C:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe (file missing)
O23 - Service: Cisco Systems, Inc. VPN Service (CVPND) - Cisco Systems, Inc. - C:\Program Files\Cisco Systems\VPN Client\cvpnd.exe
O23 - Service: GoToAssist Express Customer - Unknown owner - C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_service.exe
O23 - Service: Intel® Matrix Storage Event Monitor (IAANTMON) - Intel Corporation - C:\Program Files\Intel\Intel Matrix Storage Manager\Iaantmon.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Proxy Service (McProxy) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\mcproxy\mcproxy.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: McAfee SpamKiller Service (MSK80Service) - McAfee, Inc. - C:\Program Files\McAfee\MSK\MskSrver.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: STI Simulator - Unknown owner - C:\WINDOWS\System32\PAStiSvc.exe
O23 - Service: WAN Miniport (ATW) Service (WANMiniportService) - America Online, Inc. - C:\WINDOWS\wanmpsvc.exe

--
End of file - 13148 bytes
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

Try running it in Safe Mode without networking since your antivirus and other security programs will be turned off. Plus we want as little programs to be running as possible when running SmitfraudFix.

Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0

#3
Newidude

Newidude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Ran SmitfraudFix again in safe mode once more and again to no avail. 5 minutes later and the desktop bg was taken over again. Took 3 goes to get mbam to complete a full scan as the computer kept hitting me with a blue screen error, both times well into the scan.
Here is the log from there anyway. I'll get onto running combofix and posting the log now.
Thanks again for the help

Malwarebytes' Anti-Malware 1.11
Database version: 667

Scan type: Full Scan (C:\|)
Objects scanned: 194343
Time elapsed: 1 hour(s), 12 minute(s), 59 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 1

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\WINDOWS\Explorer.EXE.Z-missing.txt (Heuristics.Reserved.Word.Exploit) -> Quarantined and deleted successfully.




Combofix log

ComboFix 08-04-20.5 - Tony Roddom 2008-04-22 14:44:30.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.1427 [GMT 10:00]
Running from: C:\Documents and Settings\Tony Roddom\Desktop\Brads Stuff\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\mywallpaper.bmp
C:\WINDOWS\zetzfhjbnud.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-22 to 2008-04-22 )))))))))))))))))))))))))))))))
.

2008-04-22 13:30 . 2008-04-22 14:46 7,057,104 --a------ C:\WINDOWS\mywallpaper.bmp
2008-04-22 13:22 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-04-22 11:36 . 2008-04-22 11:36 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-04-22 11:36 . 2008-04-22 11:36 <DIR> d-------- C:\Documents and Settings\Tony Roddom\Application Data\Malwarebytes
2008-04-22 11:36 . 2008-04-22 11:36 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-04-21 17:09 . 2008-04-21 17:10 <DIR> d-------- C:\Program Files\NoAdware5.0
2008-04-21 12:29 . 2008-04-21 12:29 <DIR> d-------- C:\Program Files\Trend Micro
2008-04-21 10:48 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-04-21 10:48 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-04-21 10:48 . 2008-04-14 19:28 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-04-21 10:48 . 2008-04-20 00:38 82,432 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-04-21 10:48 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-04-21 10:48 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-04-21 07:52 . 2008-04-22 13:22 5,988 --a------ C:\WINDOWS\system32\tmp.reg
2008-04-21 06:36 . 2008-04-21 06:35 102,664 --a------ C:\WINDOWS\system32\drivers\tmcomm.sys
2008-04-21 06:35 . 2008-04-21 11:41 <DIR> d-------- C:\Documents and Settings\Tony Roddom\.housecall6.6
2008-04-19 21:13 . 2008-04-19 21:13 85,056 --a------ C:\WINDOWS\syspyukrazv.exe
2008-04-19 21:13 . 2008-04-19 21:13 81,984 --a------ C:\WINDOWS\sysnxcphmgy.exe
2008-04-19 21:13 . 2008-04-19 21:13 79,424 --a------ C:\WINDOWS\sysqkmwfedz.exe
2008-04-19 21:13 . 2008-04-19 21:13 75,840 --a------ C:\WINDOWS\sysrxmfdksp.exe
2008-04-19 21:13 . 2008-04-19 21:13 73,280 --a------ C:\WINDOWS\sysawpbkvnq.exe
2008-04-19 21:13 . 2008-04-19 21:13 3,072 --a------ C:\WINDOWS\zetuhxdafgn.exe
2008-04-19 21:13 . 2008-04-19 21:13 1,409 --a------ C:\WINDOWS\zetasvrfgce.exe
2008-04-19 21:13 . 2008-04-19 21:13 1,272 --a------ C:\WINDOWS\zetjmnefwqh.exe
2008-04-17 08:21 . 2008-04-17 08:21 <DIR> d-------- C:\Documents and Settings\Tony Roddom\Application Data\Windows Desktop Search
2008-04-17 08:20 . 2008-04-17 08:20 <DIR> d-------- C:\Program Files\Windows Desktop Search
2008-04-17 08:19 . 2006-09-15 22:36 192,000 --------- C:\WINDOWS\system32\dllcache\offfilt.dll
2008-04-17 08:19 . 2006-09-15 22:36 98,304 --------- C:\WINDOWS\system32\dllcache\nlhtml.dll
2008-04-17 08:19 . 2006-09-15 22:36 29,696 --------- C:\WINDOWS\system32\dllcache\mimefilt.dll
2008-04-17 08:17 . 2008-04-17 08:17 25,431 --a------ C:\Documents and Settings\Tony Roddom\Application Data\Comma Separated Values (Windows).ADR
2008-04-10 14:16 . 2008-04-10 14:24 <DIR> d-------- C:\WINDOWS\Internet Logs
2008-04-10 14:15 . 2008-04-10 14:15 <DIR> d-------- C:\Program Files\Common Files\Deterministic Networks
2008-04-10 14:15 . 2008-04-10 14:15 <DIR> d-------- C:\Program Files\Cisco Systems
2008-04-10 14:15 . 2007-01-31 13:45 127,376 --a------ C:\WINDOWS\system32\drivers\dne2000.sys
2008-04-10 14:15 . 2007-01-31 13:45 101,904 --a------ C:\WINDOWS\system32\dneinobj.dll
2008-04-10 14:15 . 2002-11-16 11:32 55,808 --a------ C:\WINDOWS\system32\devcon.exe
2008-04-10 14:15 . 2008-04-10 14:16 1,594 --a------ C:\WINDOWS\VPNInstall.MIF
2008-04-10 13:52 . 2008-04-10 13:52 <DIR> d-------- C:\Program Files\Citrix
2008-04-10 13:51 . 2008-04-10 13:52 65,848 --a------ C:\Documents and Settings\Tony Roddom\g2ax_customer_downloadhelper_win32_x86.exe
2008-04-03 15:03 . 2008-04-03 15:03 <DIR> d-------- C:\Documents and Settings\Tony Roddom\Application Data\pdf995
2008-04-03 15:03 . 2008-04-03 15:03 28 --a------ C:\WINDOWS\pdf995.ini
2008-04-03 14:59 . 2008-04-03 15:04 <DIR> d-------- C:\Program Files\pdf995
2008-04-03 14:59 . 2008-04-03 15:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\pdf995
2008-04-03 14:59 . 2008-04-03 14:59 249,856 --a------ C:\WINDOWS\system32\pdfmona.dll
2008-04-03 14:59 . 2008-04-03 14:59 51,716 --a------ C:\WINDOWS\system32\pdf995mon.dll
2008-04-03 14:59 . 2008-04-03 15:07 59 --a------ C:\WINDOWS\wpd99.drv
2008-04-02 05:52 . 2008-04-02 05:52 <DIR> d-------- C:\SWDist
2008-03-27 10:30 . 2004-08-03 23:56 159,232 --a------ C:\WINDOWS\system32\ptpusd.dll
2008-03-27 10:30 . 2001-08-17 21:36 5,632 --a------ C:\WINDOWS\system32\ptpusb.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-21 23:27 --------- d-----w C:\Program Files\McAfee
2008-04-21 01:10 --------- d-----w C:\Program Files\Soulseek
2008-04-09 02:00 --------- d-----w C:\Program Files\Java
2008-04-09 01:46 --------- d-----w C:\Program Files\Google
2008-04-08 22:38 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-04-08 22:34 12,632 ----a-w C:\WINDOWS\system32\lsdelete.exe
2008-03-20 04:45 --------- d-----w C:\Documents and Settings\Tony Roddom\Application Data\Apple Computer
2008-03-19 23:29 --------- d-----w C:\Program Files\Common Files\Adobe
2008-03-19 20:42 --------- d-----w C:\Documents and Settings\Tony Roddom\Application Data\U3
2008-03-19 19:28 --------- d-----w C:\Program Files\Apple Software Update
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-12 00:12 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-03-12 00:10 --------- d-----w C:\Program Files\Microsoft Works
2008-03-12 00:09 --------- d-----w C:\Program Files\Microsoft.NET
2008-03-03 01:48 --------- d-----w C:\Documents and Settings\Tony Roddom\Application Data\Skype
2008-03-02 22:14 --------- d-----w C:\Program Files\AOL 7.0
2008-03-01 08:36 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-27 01:43 --------- d-----w C:\Program Files\Common Files\McAfee
2008-02-22 10:00 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2007-11-15 20:25 182 ----a-w C:\Documents and Settings\Tony Roddom\Application Data\wklnhst.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-10 07:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ehTray"="C:\WINDOWS\ehome\ehtray.exe" [2005-09-29 16:01 67584]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2007-09-17 07:07 8491008]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-10 07:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-10 07:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 07:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-10 07:00 455168]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"SigmatelSysTrayApp"="stsystra.exe" [2006-07-24 12:20 282624 C:\WINDOWS\stsystra.exe]
"IAAnotif"="C:\Program Files\Intel\Intel Matrix Storage Manager\Iaanotif.exe" [2006-07-06 09:15 151552]
"DMXLauncher"="C:\Program Files\Dell\Media Experience\DMXLauncher.exe" [2005-10-05 05:12 94208]
"DLA"="C:\WINDOWS\System32\DLA\DLACTRLW.EXE" [2005-09-08 07:20 122940]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [2004-07-27 18:50 221184]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2004-07-27 18:50 81920]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2007-04-27 09:41 282624]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2007-06-28 09:14 270648]
"RealTray"="C:\Program Files\Real\RealPlayer\RealPlay.exe" [2007-07-05 00:39 26112]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Adobe Photoshop Lightroom 1.1\apdproxy.exe" [2007-06-19 09:21 61440]
"Adobe Version Cue CS2"="C:\Program Files\Adobe\Adobe Version Cue CS2\ControlPanel\VersionCueCS2Tray.exe" [2005-04-04 18:58 856064]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Adobe Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"HPWQTOOLBOX"="C:\Program Files\Hewlett-Packard\HP Deskjet 9800 Series\Toolbox\HPWQTBX.exe" [2005-06-01 14:54 335872]
"SSBkgdUpdate"="C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe" [2003-10-14 09:22 155648]
"PaperPort PTD"="C:\Program Files\ScanSoft\PaperPort\pptd40nt.exe" [2005-03-17 13:25 57393]
"IndexSearch"="C:\Program Files\ScanSoft\PaperPort\IndexSearch.exe" [2005-03-17 13:45 40960]
"SetDefPrt"="C:\Program Files\Brother\Brmfl05c\BrStDvPt.exe" [2005-01-26 17:02 49152]
"ControlCenter2.0"="C:\Program Files\Brother\ControlCenter2\brctrcen.exe" [2005-11-11 17:30 995328]
"mcagent_exe"="C:\Program Files\McAfee.com\Agent\mcagent.exe" [2007-08-03 21:33 582992]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 21:16 39792]
"{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}"="C:\WINDOWS\syspyukrazv.exe" [2008-04-19 21:13 85056]
"{157627A6-2A10-4aa1-B97F-90B8DC6F24AC}"="C:\WINDOWS\sysqkmwfedz.exe" [2008-04-19 21:13 79424]
"{E4785213-3EFE-4c26-A9B4-332440E31F6F}"="C:\WINDOWS\sysrxmfdksp.exe" [2008-04-19 21:13 75840]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2007-07-12 10:02:11 25214]
Digital Line Detect.lnk - C:\Program Files\Digital Line Detect\DLG.exe [2007-07-05 00:37:54 24576]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office10\OSA.EXE [2001-02-13 10:01:04 83360]
VPN Client.lnk - C:\WINDOWS\Installer\{871DF2BE-41D2-4334-AC33-839AF16FC8FE}\Icon3E5562ED7.ico [2008-04-10 14:16:17 6144]
Windows Desktop Search.lnk - C:\Program Files\Windows Desktop Search\WindowsSearch.exe [2007-02-05 15:40:46 118784]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"InstallVisualStyle"= C:\WINDOWS\Resources\Themes\Royale\Royale.msstyles
"InstallTheme"= C:\WINDOWS\Resources\Themes\Royale.theme

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{56F9679E-7826-4C84-81F3-532071A8BCC5}"= C:\Program Files\Windows Desktop Search\MSNLNamespaceMgr.dll [2007-02-05 15:39 294400]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\GoToAssist Express Customer]
C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll 2008-04-10 13:52 45368 C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Adobe\\Adobe Version Cue CS2\\bin\\VersionCueCS2.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=
"C:\\Program Files\\Common Files\\McAfee\\MNA\\McNASvc.exe"=
"C:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=

R3 BrScnUsb;Brother USB Still Image driver;C:\WINDOWS\system32\DRIVERS\BrScnUsb.sys [2004-10-15 18:50]
R3 BrSerIf;Brother MFC Serial Port Interface WDM Driver;C:\WINDOWS\system32\Drivers\BrSerIf.sys [2006-01-19 04:44]
R3 BrUsbSer;Brother MFC USB Serial WDM Driver;C:\WINDOWS\system32\Drivers\BrUsbSer.sys [2006-01-19 09:17]
R3 NGSSLDrv;VPN Tunnel NGSSLDrv Adapter;C:\WINDOWS\system32\DRIVERS\NGSSLDrv.sys [2007-05-10 13:54]
S3 GoToAssist Express Customer;GoToAssist Express Customer;"C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_service.exe" Start=service []
S3 NAL;Nal Service ;C:\WINDOWS\system32\Drivers\iqvw32.sys [2006-06-05 05:39]
S3 PAC7311;VGA USB Camera;C:\WINDOWS\system32\DRIVERS\PA707UCM.SYS [2006-04-13 17:28]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\E]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{142544c9-f08e-11dc-8b6b-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{361ac05d-0e0d-11da-9aa9-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{4e5dd13c-0f35-11dd-8b82-00038a000015}]
\Shell\Auto\command - niocviive.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL niocviive.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8d552561-8be0-11dc-8b05-00038a000015}]
\Shell\Auto\command - E:\fzrwweyxf.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL fzrwweyxf.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{8ff49947-6fee-11dc-8ae6-00038a000015}]
\Shell\Auto\command - E:\tiiylfwvl.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL tiiylfwvl.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{ab830e1b-3010-11dc-8a9b-00038a000015}]
\Shell\Auto\command - gssqsnizq.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL gssqsnizq.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8491dc0-5a58-11dc-8abd-00038a000015}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{e8491dc1-5a58-11dc-8abd-00038a000015}]
\Shell\Auto\command - nnmkdxjht.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL nnmkdxjht.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{f6cc143c-9875-11dc-8b16-00038a000015}]
\Shell\Auto\command - E:\upfernmmw.exe
\Shell\AutoRun\command - C:\WINDOWS\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL upfernmmw.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-04-16 11:38:00 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-04-14 15:00:00 C:\WINDOWS\Tasks\McDefragTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe'
"2007-07-04 14:38:16 C:\WINDOWS\Tasks\McQcTask.job"
- c:\program files\mcafee\mqc\QcConsol.exe
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-22 14:46:34
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Citrix\GoToAssist Express Customer\61\g2ax_winlogon.dll
.
Completion time: 2008-04-22 14:51:04
ComboFix-quarantined-files.txt 2008-04-22 04:51:02

Pre-Run: 205,670,326,272 bytes free
Post-Run: 205,732,900,864 bytes free

230 --- E O F --- 2008-02-13 17:52:19

Edited by Newidude, 21 April 2008 - 10:57 PM.

  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download the Flash Disinfector at http://www.techsuppo...Disinfector.exe and save it to your desktop. Double-click on it to run it and follow the on-screen instructions. It looks like your USB flash/thumb drives are infected.

Download and run the Norton Removal Tool to remove all your Norton Antivirus related files. It looks like it didn't do a good job removing/uninstalling itself.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\mywallpaper.bmp
C:\WINDOWS\syspyukrazv.exe
C:\WINDOWS\sysnxcphmgy.exe
C:\WINDOWS\sysqkmwfedz.exe
C:\WINDOWS\sysrxmfdksp.exe
C:\WINDOWS\sysawpbkvnq.exe
C:\WINDOWS\zetuhxdafgn.exe
C:\WINDOWS\zetasvrfgce.exe
C:\WINDOWS\zetjmnefwqh.exe
Registry::
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"{78B578D7-BCE1-4d83-9CD4-195BC34D8CB3}"=-
"{157627A6-2A10-4aa1-B97F-90B8DC6F24AC}"=-
"{E4785213-3EFE-4c26-A9B4-332440E31F6F}"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

Delete Smitfraudfix. Download a new copy here and save it to your Desktop. Don't use the Flash drives (make sure you disinfect them first also - see above). Run the scan and post that log here when ready.
  • 0

#5
Newidude

Newidude

    New Member

  • Topic Starter
  • Member
  • Pip
  • 3 posts
Ok so the story goes one of my good mates just happens to be my foreman at work. He has almost no computer literacy what so ever and managed to get a virus on the main computer at work. Knowing I had half an idea he came to me to rid the thing before the boss found out. I did all I could but when I did everything I knew I soon realized it was out of my league and I came to you guys. I had a previous account here but can't remember the username or password I had at the time so I had to create a new one.
Well the boss found out and I showed him where I was up to. He had a go also but again to no avail. I asked for the rest of the week to get it done (trying to keep my foreman mate out of trouble) and he seemed to agree. Well this morning he came in rather grumpy and informed my mate that the computer would be un-available all day as he was going to give remote access to the desktop to invisible IT in the States (we are in Aus).
They did all the basic [bleep] all day and at the end they claimed he has put some major virus on the computer and they need to back up everything and the computer is now off limits to anyone till they fix it.
I spoke with invisible IT via a chat box and explained what I had got done so far and then showed him the link to the help you guys had been giving me but really it's now been taken out of my hands, much to my disgust as I liked the challenge and the knowledge I was gaining.
So inturn I'll mark this thread as RESOLVED but as you know its just not up to me anymore.

I thank you guys kindly for all the help and I just hope my mate doesn't get into too much trouble for his wrong doings.


CHEERS
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Sorry to hear the bad news. I'm not sure if you should even do the below, but if it's allowed it's best to install them:

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP