Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

Spyware virus [CLOSED]


  • This topic is locked This topic is locked

#1
Cjester

Cjester

    New Member

  • Member
  • Pip
  • 4 posts
Below is the log from Combofix

ComboFix 08-04-24.1 - Administrator 2008-04-26 9:56:07.1 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.290 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Administrator\Application Data\FNTS~1
C:\Documents and Settings\LocalService\Application Data\NetMon
C:\Documents and Settings\LocalService\Application Data\NetMon\domains.txt
C:\Documents and Settings\LocalService\Application Data\NetMon\log.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon
C:\Documents and Settings\NetworkService\Application Data\NetMon\domains.txt
C:\Documents and Settings\NetworkService\Application Data\NetMon\log.txt
C:\Program Files\Common Files\curity~1
C:\Program Files\Common Files\dobe~1
C:\Program Files\curity~1
C:\Program Files\pppatc~1
C:\Program Files\ssembl~1
C:\Program Files\ystem3~1
C:\Temp\1cb
C:\Temp\1cb\syscheck.log
C:\WINDOWS\BM8b119fa6.xml
C:\WINDOWS\cookies.ini
C:\WINDOWS\crosof~1.net
C:\WINDOWS\pskt.ini
C:\WINDOWS\racle~1
C:\WINDOWS\system32\duis.txt
C:\WINDOWS\system32\fcrxjouu.ini2
C:\WINDOWS\system32\fcrxjouu.tmp
C:\WINDOWS\system32\msindc.dll
C:\WINDOWS\system32\nppqpqss.ini
C:\WINDOWS\system32\nppqpqss.ini2
C:\WINDOWS\system32\pac.txt
C:\WINDOWS\system32\rsvwvyxx.ini
C:\WINDOWS\system32\rsvwvyxx.ini2
C:\WINDOWS\system32\uujeogca.dll

.
((((((((((((((((((((((((( Files Created from 2008-03-26 to 2008-04-26 )))))))))))))))))))))))))))))))
.

2008-04-21 22:45 . 2008-04-21 22:45 <DIR> d-------- C:\Program Files\SweetIM
2008-04-21 22:45 . 2008-04-21 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-04-18 19:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-18 19:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-18 19:34 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-18 15:41 . 2008-04-18 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-18 15:29 . 2008-04-18 15:29 <DIR> d-------- C:\Program Files\Windows Live
2008-04-18 15:29 . 2008-04-18 15:29 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-18 15:29 . 2008-04-18 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-18 14:38 . 2008-04-18 14:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-18 14:36 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-18 14:36 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-18 14:36 . 2006-08-21 13:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-18 14:15 . 2007-07-09 14:16 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-18 12:49 . 2008-03-01 14:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-18 12:49 . 2008-03-01 14:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-18 12:49 . 2008-03-01 14:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-18 12:49 . 2008-03-01 14:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-18 12:49 . 2008-02-22 11:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-18 12:48 . 2008-03-01 14:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-18 12:48 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-18 12:48 . 2007-07-01 04:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-18 12:48 . 2008-03-01 14:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-18 12:47 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-18 12:27 . 2008-04-18 12:27 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-04-18 12:27 . 2007-03-29 13:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-04-18 12:27 . 2007-03-29 13:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-04-18 12:27 . 2007-03-29 13:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-04-18 12:27 . 2007-03-29 13:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-18 12:27 . 2007-03-29 13:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-04-18 12:27 . 2007-03-29 13:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-04-18 11:16 . 2008-04-18 11:58 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-18 11:16 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\WINDOWS\peernet
2008-04-18 11:10 . 2008-04-18 11:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-18 10:59 . 2008-04-18 11:00 <DIR> d-------- C:\WINDOWS\EHome
2008-04-18 01:14 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-18 01:14 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-18 01:14 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-18 01:14 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-18 00:17 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-04-18 00:09 . 2008-04-18 00:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-18 00:08 . 2008-04-18 00:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-18 00:08 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-17 21:58 . 2004-08-04 08:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-17 21:58 . 2007-03-29 13:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-17 21:58 . 2007-03-29 13:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-04-17 21:58 . 2007-03-29 13:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-04-17 16:14 . 2008-04-17 16:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-17 16:14 . 2008-04-17 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-17 16:14 . 2008-04-17 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-17 12:44 . 2008-04-17 12:44 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-04-17 11:40 . 2008-04-17 11:40 <DIR> d--hs---- C:\WINDOWS\dXNlcg
2008-04-17 11:39 . 2008-04-17 11:39 <DIR> d-------- C:\WINDOWS\system32\resID
2008-04-17 11:39 . 2008-04-17 11:39 <DIR> d-------- C:\WINDOWS\system32\oope
2008-04-17 11:39 . 2008-04-17 11:39 <DIR> d-------- C:\WINDOWS\system32\cDe
2008-04-17 11:39 . 2008-04-17 11:39 <DIR> d-------- C:\Program Files\çasks
2008-04-17 11:39 . 2008-04-17 11:39 63,839 --a------ C:\WINDOWS\system32\{949b97fa-5aba-7cd5-5dcf-707b44664979}.dll-uninst.exe
2008-04-17 11:39 . 2008-04-17 17:54 933 --a------ C:\WINDOWS\system32\winpfz33.sys
2008-04-17 11:38 . 2008-04-17 11:38 <DIR> d-------- C:\WINDOWS\system32\xcsDd01
2008-04-17 11:38 . 2008-04-17 11:38 <DIR> d-------- C:\Temp\berDrv11
2008-04-17 11:38 . 2008-04-17 11:38 <DIR> d-------- C:\Temp
2008-04-17 11:33 . 2008-04-17 11:33 <DIR> d-------- C:\WINDOWS\Sun
2008-04-15 21:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-15 21:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-15 21:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-15 21:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-04-15 21:11 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-04-15 21:11 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-04-15 21:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-15 13:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-15 13:35 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-15 13:35 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-15 13:35 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-15 13:35 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-15 13:35 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-15 13:35 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-15 13:35 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-15 13:35 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-15 13:35 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-15 13:33 . 2004-08-04 08:56 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2008-04-15 13:29 . 2008-04-15 13:29 <DIR> d--h----- C:\WINDOWS\msdownld.tmp
2008-04-12 11:51 . 2008-04-12 11:51 <DIR> d-------- C:\Program Files\Google
2008-04-06 20:24 . 2008-04-06 20:24 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-04-03 20:11 . 2008-04-03 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-04-03 19:24 . 2008-04-03 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-03 19:24 . 2008-04-03 19:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-01 13:34 . 2008-04-01 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TP-LINK
2008-04-01 13:34 . 2007-02-06 23:06 544,640 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2008-04-01 13:34 . 2007-02-06 23:06 544,640 --a------ C:\WINDOWS\system32\ar5211.sys
2008-04-01 13:34 . 2007-03-13 18:13 62,028 --a------ C:\WINDOWS\system32\net5211.inf
2008-04-01 13:34 . 2007-02-13 10:09 19,380 --a------ C:\WINDOWS\system32\net5211.cat
2008-04-01 13:33 . 2008-04-01 13:33 <DIR> d--hs---- C:\Recycled
2008-04-01 12:46 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2008-04-01 12:46 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-01 12:46 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-01 12:46 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2008-04-01 12:46 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2008-04-01 12:46 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-01 12:46 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-01 12:46 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-04-01 12:46 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-04-17 10:39 --------- d-----w C:\Program Files\?asks
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 14:50 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2008-03-01 17:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC80388B-D530-8EB9-11E0-A18F03217A90}]
C:\WINDOWS\System32\huik.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-12 11:51 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2003-02-24 15:35 163840 C:\WINDOWS\system32\pctspk.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-10-10 00:12 151552]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-10-10 00:04 98304]
"TWCU"="C:\Program Files\TP-LINK\TL-WN310G_350G_351Gv5.0_TL-WN360Gv1.0\TWCU.exe" [2007-03-13 18:20 479412]
"8822ac3a"="C:\WINDOWS\System32\uuojxrcf.dll" [ ]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2001-10-10 09:44]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 02:00]

.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-26 10:08:14
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\SYSTEM32\ACS.EXE
C:\WINDOWS\SYSTEM32\WSCNTFY.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG 2.3\PROGRAM\SOFFICE.EXE
C:\PROGRAM FILES\OPENOFFICE.ORG 2.3\PROGRAM\SOFFICE.BIN
C:\WINDOWS\SYSTEM32\WBEM\UNSECAPP.EXE
.
**************************************************************************
.
Completion time: 2008-04-26 10:09:32 - machine was rebooted
ComboFix-quarantined-files.txt 2008-04-26 09:09:28

Pre-Run: 9,698,738,176 bytes free
Post-Run: 9,696,280,576 bytes free

231 --- E O F --- 2008-04-19 20:41:41
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Download OTMoveIt2 at http://download.blee...r/OTMoveIt2.exe
* Save it to your desktop.
* Double-click OTMoveIt2.exe to run it. (Vista users, right click on OTMoveIt2.exe and select Run as an Administrator).
* Copy the file paths below to the clipboard by highlighting ALL of them and pressing CTRL + C (or, after highlighting, right-click and choose Copy):

C:\Program Files\?asks

* Return to OTMoveIt2. Right click in the Paste List of Files/Folders to Move window (under the Yellow bar) and choose Paste.
* Click the red Moveit! button.
* A log of files and folders moved will be created in the C:\_OTMoveIt\MovedFiles folder in the form of Date and Time (mmddyyyy_hhmmss.log). Please open this log in Notepad and post its contents in your next reply.
* Close OTMoveIt2.

If a file or folder cannot be moved immediately you may be asked to reboot the machine to finish the move process. If you are asked to reboot the machine choose Yes.


Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy and paste the text into the quotebox below:

File::
C:\WINDOWS\system32\{949b97fa-5aba-7cd5-5dcf-707b44664979}.dll-uninst.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\System32\huik.dll
Folder::
C:\WINDOWS\dXNlcg
C:\WINDOWS\system32\resID
C:\WINDOWS\system32\oope
C:\WINDOWS\system32\cDe
C:\Program Files\çasks
C:\WINDOWS\system32\xcsDd01
C:\Temp\berDrv11
C:\WINDOWS\msdownld.tmp
Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{CC80388B-D530-8EB9-11E0-A18F03217A90}]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"8822ac3a"=-

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?
  • 0

#3
Cjester

Cjester

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
The computer is running much slower since getting the virus in particular the internet which is extremely slow. Below are the results from the step you posted:

< C:\Program Files\?asks >
C:\Program Files\Τasks moved successfully.

OTMoveIt2 by OldTimer - Version 1.0.4.1 log created on 04272008_153611

Then from combofix:

ComboFix 08-04-24.1 - Administrator 2008-04-27 15:48:14.2 - FAT32x86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.287 [GMT 1:00]
Running from: C:\Documents and Settings\Administrator\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Administrator\Desktop\CFScript.txt
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

FILE ::
C:\WINDOWS\system32\{949b97fa-5aba-7cd5-5dcf-707b44664979}.dll-uninst.exe
C:\WINDOWS\System32\huik.dll
C:\WINDOWS\system32\winpfz33.sys
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Temp\berDrv11
C:\Temp\berDrv11\fxpNbu.log
C:\WINDOWS\dXNlcg
C:\WINDOWS\msdownld.tmp
C:\WINDOWS\system32\{949b97fa-5aba-7cd5-5dcf-707b44664979}.dll-uninst.exe
C:\WINDOWS\system32\cDe
C:\WINDOWS\system32\oope
C:\WINDOWS\system32\resID
C:\WINDOWS\system32\resID\produtl481.exe
C:\WINDOWS\system32\winpfz33.sys
C:\WINDOWS\system32\xcsDd01
C:\WINDOWS\system32\xcsDd01\xcsDd011065.exe

.
((((((((((((((((((((((((( Files Created from 2008-03-27 to 2008-04-27 )))))))))))))))))))))))))))))))
.

2008-04-27 15:36 . 2008-04-27 15:36 <DIR> d-------- C:\_OTMoveIt
2008-04-26 12:29 . 2004-08-04 07:07 59,264 --a------ C:\WINDOWS\system32\drivers\USBAUDIO.sys
2008-04-26 12:29 . 2004-08-04 07:07 59,264 --a------ C:\WINDOWS\system32\dllcache\usbaudio.sys
2008-04-26 12:24 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\drivers\usbccgp.sys
2008-04-26 12:24 . 2004-08-04 07:08 31,616 --a------ C:\WINDOWS\system32\dllcache\usbccgp.sys
2008-04-21 22:45 . 2008-04-21 22:45 <DIR> d-------- C:\Program Files\SweetIM
2008-04-21 22:45 . 2008-04-21 22:45 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SweetIM
2008-04-18 19:34 . 2007-07-30 19:19 271,224 --a------ C:\WINDOWS\system32\mucltui.dll
2008-04-18 19:34 . 2007-07-30 19:19 207,736 --a------ C:\WINDOWS\system32\muweb.dll
2008-04-18 19:34 . 2007-07-30 19:19 30,072 --a------ C:\WINDOWS\system32\mucltui.dll.mui
2008-04-18 15:41 . 2008-04-18 15:41 <DIR> d-------- C:\Documents and Settings\Administrator\Contacts
2008-04-18 15:29 . 2008-04-18 15:29 <DIR> d-------- C:\Program Files\Windows Live
2008-04-18 15:29 . 2008-04-18 15:29 <DIR> d--hs---- C:\Program Files\Common Files\WindowsLiveInstaller
2008-04-18 15:29 . 2008-04-18 15:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\WLInstaller
2008-04-18 14:38 . 2008-04-18 14:38 <DIR> d-------- C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-04-18 14:36 . 2006-08-21 10:14 128,896 --------- C:\WINDOWS\system32\dllcache\fltmgr.sys
2008-04-18 14:36 . 2006-08-21 10:14 23,040 --------- C:\WINDOWS\system32\dllcache\fltmc.exe
2008-04-18 14:36 . 2006-08-21 13:21 16,896 --------- C:\WINDOWS\system32\dllcache\fltlib.dll
2008-04-18 14:15 . 2007-07-09 14:16 582,656 --------- C:\WINDOWS\system32\dllcache\rpcrt4.dll
2008-04-18 12:49 . 2008-03-01 14:06 459,264 --------- C:\WINDOWS\system32\dllcache\msfeeds.dll
2008-04-18 12:49 . 2008-03-01 14:06 267,776 --------- C:\WINDOWS\system32\dllcache\iertutil.dll
2008-04-18 12:49 . 2008-03-01 14:06 63,488 --------- C:\WINDOWS\system32\dllcache\icardie.dll
2008-04-18 12:49 . 2008-03-01 14:06 52,224 --------- C:\WINDOWS\system32\dllcache\msfeedsbs.dll
2008-04-18 12:49 . 2008-02-22 11:00 13,824 --------- C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-04-18 12:48 . 2008-03-01 14:06 6,066,176 --------- C:\WINDOWS\system32\dllcache\ieframe.dll
2008-04-18 12:48 . 2007-07-01 04:31 2,455,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dat
2008-04-18 12:48 . 2007-07-01 04:36 991,232 --------- C:\WINDOWS\system32\dllcache\ieframe.dll.mui
2008-04-18 12:48 . 2008-03-01 14:06 383,488 --------- C:\WINDOWS\system32\dllcache\ieapfltr.dll
2008-04-18 12:47 . 2007-08-13 18:54 33,792 --a------ C:\WINDOWS\system32\dllcache\custsat.dll
2008-04-18 12:27 . 2008-04-18 12:27 <DIR> d-------- C:\WINDOWS\system32\DRVSTORE
2008-04-18 12:27 . 2007-03-29 13:56 409,600 --------- C:\WINDOWS\system32\dllcache\qmgr.dll
2008-04-18 12:27 . 2007-03-29 13:56 18,944 --------- C:\WINDOWS\system32\dllcache\qmgrprxy.dll
2008-04-18 12:27 . 2007-03-29 13:56 8,192 --------- C:\WINDOWS\system32\dllcache\bitsprx2.dll
2008-04-18 12:27 . 2007-03-29 13:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx4.dll
2008-04-18 12:27 . 2007-03-29 13:56 7,168 --------- C:\WINDOWS\system32\dllcache\bitsprx3.dll
2008-04-18 12:27 . 2007-03-29 13:56 7,168 --------- C:\WINDOWS\system32\bitsprx4.dll
2008-04-18 11:16 . 2008-04-18 11:58 316,640 --a------ C:\WINDOWS\WMSysPr9.prx
2008-04-18 11:16 . 2004-08-04 08:56 221,184 --a------ C:\WINDOWS\system32\wmpns.dll
2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\WINDOWS\provisioning
2008-04-18 11:14 . 2008-04-18 11:14 <DIR> d-------- C:\WINDOWS\peernet
2008-04-18 11:10 . 2008-04-18 11:10 <DIR> d-------- C:\WINDOWS\ServicePackFiles
2008-04-18 10:59 . 2008-04-18 11:00 <DIR> d-------- C:\WINDOWS\EHome
2008-04-18 01:14 . 2002-04-15 21:11 67,866 --------- C:\WINDOWS\system32\drivers\netwlan5.img
2008-04-18 01:14 . 2004-08-04 00:56 11,776 --------- C:\WINDOWS\system32\spnpinst.exe
2008-04-18 01:14 . 2004-08-02 14:20 7,208 --------- C:\WINDOWS\system32\secupd.sig
2008-04-18 01:14 . 2004-08-02 14:20 4,569 --------- C:\WINDOWS\system32\secupd.dat
2008-04-18 00:17 . 2005-10-20 23:20 1,082,368 --a------ C:\WINDOWS\system32\esent.dll
2008-04-18 00:09 . 2008-04-18 00:09 <DIR> d-------- C:\WINDOWS\system32\bits
2008-04-18 00:08 . 2008-04-18 00:08 <DIR> d--h----- C:\WINDOWS\$hf_mig$
2008-04-18 00:08 . 2005-06-28 10:21 22,752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2008-04-17 21:58 . 2004-08-04 08:56 351,232 --a------ C:\WINDOWS\system32\winhttp.dll
2008-04-17 21:58 . 2007-03-29 13:56 18,944 --a------ C:\WINDOWS\system32\qmgrprxy.dll
2008-04-17 21:58 . 2007-03-29 13:56 8,192 --a------ C:\WINDOWS\system32\bitsprx2.dll
2008-04-17 21:58 . 2007-03-29 13:56 7,168 --a------ C:\WINDOWS\system32\bitsprx3.dll
2008-04-17 16:14 . 2008-04-17 16:14 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-04-17 16:14 . 2008-04-17 16:14 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-04-17 16:14 . 2008-04-17 16:14 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\SUPERAntiSpyware.com
2008-04-17 12:44 . 2008-04-17 12:44 9,662 --a------ C:\WINDOWS\system32\ZoneAlarmIconUK.ico
2008-04-17 11:38 . 2008-04-17 11:38 <DIR> d-------- C:\Temp
2008-04-17 11:33 . 2008-04-17 11:33 <DIR> d-------- C:\WINDOWS\Sun
2008-04-15 21:11 . 2007-07-30 19:19 549,720 --a------ C:\WINDOWS\system32\wuapi.dll
2008-04-15 21:11 . 2007-07-30 19:19 325,976 --a------ C:\WINDOWS\system32\wucltui.dll
2008-04-15 21:11 . 2007-07-30 19:19 216,408 --a------ C:\WINDOWS\system32\wuaucpl.cpl
2008-04-15 21:11 . 2007-07-30 19:19 203,096 --a------ C:\WINDOWS\system32\wuweb.dll
2008-04-15 21:11 . 2004-08-03 14:03 186,136 --a------ C:\WINDOWS\system32\wuaueng1.dll
2008-04-15 21:11 . 2004-08-03 14:01 167,704 --a------ C:\WINDOWS\system32\wuauclt1.exe
2008-04-15 21:11 . 2007-07-30 19:18 33,624 --a------ C:\WINDOWS\system32\wups.dll
2008-04-15 13:35 . 2008-03-05 15:56 3,786,760 --a------ C:\WINDOWS\system32\D3DX9_37.dll
2008-04-15 13:35 . 2007-10-12 15:14 3,734,536 --a------ C:\WINDOWS\system32\d3dx9_36.dll
2008-04-15 13:35 . 2008-03-05 15:56 1,420,824 --a------ C:\WINDOWS\system32\D3DCompiler_37.dll
2008-04-15 13:35 . 2007-10-12 15:14 1,374,232 --a------ C:\WINDOWS\system32\D3DCompiler_36.dll
2008-04-15 13:35 . 2008-03-05 16:03 479,752 --a------ C:\WINDOWS\system32\XAudio2_0.dll
2008-04-15 13:35 . 2008-02-05 23:07 462,864 --a------ C:\WINDOWS\system32\d3dx10_37.dll
2008-04-15 13:35 . 2007-10-02 09:56 444,776 --a------ C:\WINDOWS\system32\d3dx10_36.dll
2008-04-15 13:35 . 2007-10-22 03:39 267,272 --a------ C:\WINDOWS\system32\xactengine2_10.dll
2008-04-15 13:35 . 2008-03-05 16:03 238,088 --a------ C:\WINDOWS\system32\xactengine3_0.dll
2008-04-15 13:35 . 2008-03-05 16:00 25,608 --a------ C:\WINDOWS\system32\X3DAudio1_3.dll
2008-04-15 13:33 . 2004-08-04 08:56 2,113,536 --a------ C:\WINDOWS\system32\dxdiagn.dll
2008-04-12 11:51 . 2008-04-12 11:51 <DIR> d-------- C:\Program Files\Google
2008-04-06 20:24 . 2008-04-06 20:24 <DIR> d--hs---- C:\Documents and Settings\Administrator\UserData
2008-04-03 20:11 . 2008-04-03 20:11 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\OpenOffice.org2
2008-04-03 19:24 . 2008-04-03 19:24 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\MSN6
2008-04-03 19:24 . 2008-04-03 19:24 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\MSN6
2008-04-01 13:34 . 2008-04-01 13:34 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\TP-LINK
2008-04-01 13:34 . 2007-02-06 23:06 544,640 --a------ C:\WINDOWS\system32\drivers\ar5211.sys
2008-04-01 13:34 . 2007-02-06 23:06 544,640 --a------ C:\WINDOWS\system32\ar5211.sys
2008-04-01 13:34 . 2007-03-13 18:13 62,028 --a------ C:\WINDOWS\system32\net5211.inf
2008-04-01 13:34 . 2007-02-13 10:09 19,380 --a------ C:\WINDOWS\system32\net5211.cat
2008-04-01 13:33 . 2008-04-01 13:33 <DIR> d--hs---- C:\Recycled
2008-04-01 12:46 . 2004-01-14 11:25 81,920 --a------ C:\WINDOWS\system32\ZDPN50.DLL
2008-04-01 12:46 . 2005-03-18 15:35 31,744 --a------ C:\WINDOWS\system32\drivers\ZDPSp50a64.sys
2008-04-01 12:46 . 2005-06-08 18:44 29,184 --a------ C:\WINDOWS\system32\drivers\BRGSp50a64.sys
2008-04-01 12:46 . 2004-03-23 16:38 28,672 --a------ C:\WINDOWS\system32\InsDrvZD.dll
2008-04-01 12:46 . 2003-03-14 12:24 24,576 --a------ C:\WINDOWS\system32\ZyDelReg.exe
2008-04-01 12:46 . 2005-06-08 18:44 20,608 --a------ C:\WINDOWS\system32\drivers\BRGSp50.sys
2008-04-01 12:46 . 2004-10-25 13:40 17,664 --a------ C:\WINDOWS\system32\drivers\ZDPSp50.sys
2008-04-01 12:46 . 2004-01-14 11:30 17,151 --a------ C:\WINDOWS\system32\ZDPNDIS5.SYS
2008-04-01 12:46 . 2005-07-12 14:44 15,872 --a------ C:\WINDOWS\system32\InsDrvZD64.DLL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-19 09:47 1,845,248 ----a-w C:\WINDOWS\system32\win32k.sys
2008-03-19 09:47 1,845,248 ------w C:\WINDOWS\system32\dllcache\win32k.sys
2008-03-05 14:50 80,896 ----a-w C:\WINDOWS\system32\dxdllreg.exe
2008-03-01 17:36 3,591,680 ------w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-02-29 08:55 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-02-29 08:55 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-02-20 06:51 282,624 ----a-w C:\WINDOWS\system32\gdi32.dll
2008-02-20 06:51 282,624 ------w C:\WINDOWS\system32\dllcache\gdi32.dll
2008-02-20 05:32 45,568 ----a-w C:\WINDOWS\system32\dnsrslvr.dll
2008-02-20 05:32 45,568 ------w C:\WINDOWS\system32\dllcache\dnsrslvr.dll
2008-02-20 05:32 148,992 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-02-15 05:44 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
.

((((((((((((((((((((((((((((( [email protected]_10.09.06.18 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-04-26 08:58:50 2,048 --s-a-w C:\WINDOWS\bootstat.dat
+ 2008-04-27 14:33:16 2,048 --s-a-w C:\WINDOWS\bootstat.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{EEE6C35C-6118-11DC-9C72-001320C79847}]
2008-03-27 14:12 1164600 --a------ C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= "C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll" [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\Software\Microsoft\Internet Explorer\Toolbar\WebBrowser]
"{EEE6C35B-6118-11DC-9C72-001320C79847}"= C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgToolbarIE.dll [2008-03-27 14:12 1164600]

[HKEY_CLASSES_ROOT\clsid\{eee6c35b-6118-11dc-9c72-001320c79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE.3]
[HKEY_CLASSES_ROOT\TypeLib\{EEE6C35E-6118-11DC-9C72-001320C79847}]
[HKEY_CLASSES_ROOT\SWEETIE.SWEETIE]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\1.2.1128.5462\GoogleToolbarNotifier.exe" [2008-04-12 11:51 171448]
"MsnMsgr"="C:\Program Files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 11:34 5724184]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PCTVOICE"="pctspk.exe" [2003-02-24 15:35 163840 C:\WINDOWS\system32\pctspk.exe]
"IgfxTray"="C:\WINDOWS\System32\igfxtray.exe" [2001-10-10 00:12 151552]
"HotKeysCmds"="C:\WINDOWS\System32\hkcmd.exe" [2001-10-10 00:04 98304]
"TWCU"="C:\Program Files\TP-LINK\TL-WN310G_350G_351Gv5.0_TL-WN360Gv1.0\TWCU.exe" [2007-03-13 18:20 479412]
"SweetIM"="C:\Program Files\SweetIM\Messenger\SweetIM.exe" [2008-03-27 19:31 111928]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\System32\CTFMON.EXE" [2004-08-04 08:56 15360]

C:\Documents and Settings\Administrator\Start Menu\Programs\Startup\
OpenOffice.org 2.3.lnk - C:\Program Files\OpenOffice.org 2.3\program\quickstart.exe [2007-08-17 22:57:56 393216]

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=

R3 {A7E39B01-B403-11d4-BD18-00D0B7A1821E};AIM 3.0 Part 01 Codec Driver VCH-A;C:\WINDOWS\system32\drivers\Vch.sys [2001-10-10 09:44]
R3 WSIMD;wsimd Service;C:\WINDOWS\system32\DRIVERS\wsimd.sys [2006-11-15 02:00]

*Newly Created Service* - CATCHME
.
**************************************************************************

catchme 0.3.1353 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-04-27 15:49:39
Windows 5.1.2600 Service Pack 2 FAT NTAPI

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-04-27 15:50:19
ComboFix-quarantined-files.txt 2008-04-27 14:50:18
ComboFix2.txt 2008-04-26 09:09:34

Pre-Run: 9,530,736,640 bytes free
Post-Run: 9,652,158,464 bytes free

206 --- E O F --- 2008-04-19 20:41:41


Please let me know if there's anything else that needs to be done
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Follow all the below steps and post the logs requested...

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Download Malwarebytes ' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Download HijackThis at http://www.greyknigh.../HijackThis.exe Create a folder at C:\HJT and move HijackThis.exe there. Double-click on the program to run it.

1. If it gives you an intro screen, just choose Do a system scan and save a logfile.
2. If you don't get the intro screen, just hit Scan and then click on Save log.
3. Post the hijackthis.log file here. Do not fix anything in HijackThis since they may be harmless.

  • 0

#5
Cjester

Cjester

    New Member

  • Topic Starter
  • Member
  • Pip
  • 4 posts
Below is the result from the Malwarebytes' Anti Malware:

Malwarebytes' Anti-Malware 1.11
Database version: 694

Scan type: Full Scan (C:\|)
Objects scanned: 61494
Time elapsed: 46 minute(s), 44 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 3
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 4

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\AntiSpywareMaster (Rogue.AntiSpywareMaster) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\Software\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affri (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\System Volume Information\_restore{DB8F2612-6400-4F2F-A6B3-9D02B1E40C8E}\RP151\A0022861.exe (Trojan.DownLoader) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{DB8F2612-6400-4F2F-A6B3-9D02B1E40C8E}\RP151\A0022862.exe (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\{949b97fa-5aba-7cd5-5dcf-707b44664979}.dll-uninst.exe.vir (Adware.Agent) -> Quarantined and deleted successfully.
C:\QooBox\Quarantine\C\WINDOWS\system32\xcsDd01\xcsDd011065.exe.vir (Trojan.DownLoader) -> Quarantined and deleted successfully.


My system has been running much smoother after the last action, thanks for the help it's made a heap of difference
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Run Combofix one more time and post the log here.

Also run a new HijackThis scan and post the log here. Just want to take one final look before we close this issue.
  • 0

#7
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Due to lack of feedback, this topic has been closed.

If you need this topic reopened, please contact a staff member. This applies only to the original topic starter. Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP