Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

worm.win32.netbooster infection [RESOLVED]


  • This topic is locked This topic is locked

#1
Kevdj

Kevdj

    New Member

  • Member
  • Pip
  • 8 posts
Have managed to clean most of my laptop but require some help ensuring the laptop of free from this.

Windows XP SP2, is operating system.

Problems that I had:
• Various system error messages popping up stating virus infection please download software and directing to a website (cleaned through a combination of the first three tasks below)
• Next to clock on task bar VIRUS ALERT! (Malwarebytes’ Anti-Malware cleaned this)
• Start Menu All programmes icon missing unable to locate – (re-appeared after MBAM and final SUPERAntiSpyware scan)

Notice that Adware Vundo Variant plus Trojan of unknown origina keep appearing in SUPERAntiSpyware scan.

Have run the following to get rid of the problems experienced:
• SmitRem
• SmitFraudfix (options 1 and 2)
• SUPERAntiSpyware Professional Trial Version
• Bit Defender
• Malwarebytes’ Rouge Remover (didn’t detect any items)
• ATF Cleaner
• Malwarebytes’ Anti-Malware
• VundoFix (no infected files found)
• Highjack This

Also had to run VBScript to enable regedit again and run RegCure found 1152 registry errors although had to purchase to fix (not done, should I?).

Have Spyware Doctor with anti-virus (normal protection software) and XSoftSpy SE (back-up spyware software)

Can anybody assist in completing the final clean-up? Have run Hijack This but now need advice as to what I should remove.

Below are latest SUPERAntispyware, MBAM, Hijack This logs.


Many Thanks in Advance

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 07/15/2008 at 10:10 PM

Application Version : 4.15.1000

Core Rules Database Version : 3504
Trace Rules Database Version: 1495

Scan type : Complete Scan
Total Scan Time : 01:29:41

Memory items scanned : 481
Memory threats detected : 0
Registry items scanned : 6092
Registry threats detected : 0
File items scanned : 96209
File threats detected : 13

Trojan.Unknown Origin
C:\DOCUMENTS AND SETTINGS\KEV\KEVIN JENNINGS\LOCAL SETTINGS\TEMP\NSL10.TMP
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP604\A0152726.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP604\A0152729.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP604\A0153724.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP604\A0154726.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP604\A0154727.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0156789.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0156790.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0157820.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0157821.ICO
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0163066.DLL

Adware.Vundo Variant
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0163067.DLL
C:\SYSTEM VOLUME INFORMATION\_RESTORE{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0163068.DLL

------------------------------------------------------------------------------------------------------------------------------------------------------------------------------
Malwarebytes' Anti-Malware 1.20
Database version: 957
Windows 5.1.2600 Service Pack 2

20:29:32 15/07/2008
mbam-log-7-15-2008 (20-29-26).txt

Scan type: Full Scan (C:\|)
Objects scanned: 134331
Time elapsed: 53 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 5
Registry Values Infected: 2
Registry Data Items Infected: 8
Folders Infected: 0
Files Infected: 5

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{42e2b43f-3954-48ec-b549-5c05cb7dbd0a} (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\VSPlugin (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sqvgnrpx.bwbf (Trojan.FakeAlert) -> No action taken.
HKEY_CLASSES_ROOT\sqvgnrpx.toolbar.1 (Trojan.FakeAlert) -> No action taken.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fdxbameg (Trojan.FakeAlert) -> No action taken.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\fsrpknov (Trojan.FakeAlert) -> No action taken.

Registry Data Items Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\ProductId (Trojan.FakeAlert) -> Bad: (VIRUS ALERT!) Good: (76477-OEM-0011903-00117) -> No action taken.
HKEY_CURRENT_USER\Control Panel\International\sTimeFormat (Trojan.FakeAlert) -> Bad: (HH:mm: VIRUS ALERT!) Good: (HH:mm:ss) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\Advanced\Start_ShowSearch (Hijack.StartMenu) -> Bad: (0) Good: (1) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoStartMenuMorePrograms (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\StartMenuLogOff (Hijack.StartMenu) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoDrives (Hijack.Drives) -> Bad: (12) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoToolbarCustomize (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\NoSetFolders (Hijack.Explorer) -> Bad: (1) Good: (0) -> No action taken.

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\Motorola Phone Tools\MPT_TEST_Info.exe (Trojan.Agent) -> No action taken.
C:\System Volume Information\_restore{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0156788.exe (Rogue.Installer) -> No action taken.
C:\System Volume Information\_restore{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0163063.exe (Trojan.FakeAlert) -> No action taken.
C:\System Volume Information\_restore{C6BED097-2B01-4377-A855-58AF73DFC380}\RP606\A0163065.exe (Trojan.FakeAlert) -> No action taken.
C:\Documents and Settings\Kev\Application Data\TmpRecentIcons\Vista Antivirus 2008.lnk (Rogue.Link) -> No action taken.


------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:52:06, on 15/07/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\WINDOWS\system32\cisvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Kontiki\KService.exe
c:\Program Files\Common Files\Microsoft Shared\VS7Debug\mdm.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\WINDOWS\system32\slserv.exe
C:\Program Files\Windows Media Player\WMPNetwk.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\WINDOWS\SOUNDMAN.EXE
C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
C:\WINDOWS\system32\kmw_run.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe
C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
C:\Program Files\Kontiki\KHost.exe
C:\PROGRA~1\Yahoo!\YOP\yop.exe
C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\TomTom HOME 2\HOMERunner.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\KMW_SHOW.EXE
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\Program Files\Skype\Phone\Skype.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Messenger\msmsgs.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Yahoo!\browser\ybrowser.exe
C:\WINDOWS\system32\cidaemon.exe
C:\WINDOWS\system32\cidaemon.exe
C:\Program Files\Office\OFFICE11\WINWORD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://home.bt.yahoo.com
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O2 - BHO: eBay Toolbar Helper - {22D8E815-4A5E-4DFB-845E-AAB64207F5BD} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O2 - BHO: {8b28f097-e4ff-68fa-fdf4-13f75b05667a} - {a76650b5-7f31-4fdf-af86-ff4e790f82b8} - C:\WINDOWS\system32\mwkzjd.dll (file missing)
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: SidebarAutoLaunch Class - {F2AA9440-6328-4933-B7C9-A6CCDF9CBF6D} - C:\Program Files\Yahoo!\browser\YSidebarIEBHO.dll
O2 - BHO: (no name) - {FDD3B846-8D59-4ffb-8758-209B6AD74ACC} - (no file)
O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn1\yt.dll
O3 - Toolbar: eBay Toolbar - {92085AD4-F48A-450D-BD93-B28CC7DF67CE} - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O3 - Toolbar: Easy-WebPrint - {327C2873-E90D-4c37-AA9D-10AC9BABA46C} - C:\Program Files\Canon\Easy-WebPrint\Toolband.dll
O4 - HKLM\..\Run: [ATIModeChange] Ati2mdxx.exe
O4 - HKLM\..\Run: [ATIPTA] C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
O4 - HKLM\..\Run: [SoundMan] SOUNDMAN.EXE
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [Microsoft Works Update Detection] C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe
O4 - HKLM\..\Run: [kmw_run.exe] kmw_run.exe
O4 - HKLM\..\Run: [OdTray.exe] "C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe"
O4 - HKLM\..\Run: [HydraVisionDesktopManager] C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe
O4 - HKLM\..\Run: [4oD] "C:\Program Files\Kontiki\KHost.exe" -all
O4 - HKLM\..\Run: [UserFaultCheck] %systemroot%\system32\dumprep 0 -u
O4 - HKLM\..\Run: [YOP] C:\PROGRA~1\Yahoo!\YOP\yop.exe /autostart
O4 - HKLM\..\Run: [YBrowser] C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [TomTomHOME.exe] "C:\Program Files\TomTom HOME 2\HOMERunner.exe" -s
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [eBayToolbar] C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe
O4 - HKLM\..\Run: [Easy-PrintToolBox] C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE /logon
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [Adobe Photo Downloader] "C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [kdx] C:\Program Files\Kontiki\KHost.exe -all
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O4 - HKCU\..\Run: [Yahoo! Pager] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet
O4 - HKCU\..\Run: [updateMgr] "C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" AcRdB7_0_9 -reboot 1
O4 - HKCU\..\Run: [Skype] "C:\Program Files\Skype\Phone\Skype.exe" /nosplash /minimized
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - Global Startup: Microsoft Office OneNote 2003 Quick Launch.lnk = C:\Program Files\Office\OFFICE11\ONENOTEM.EXE
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\Office\OFFICE11\EXCEL.EXE/3000
O8 - Extra context menu item: Easy-WebPrint Add To Print List - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 - Extra context menu item: Easy-WebPrint High Speed Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 - Extra context menu item: Easy-WebPrint Preview - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 - Extra context menu item: Easy-WebPrint Print - res://C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 - Extra context menu item: eBay Search - res://C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html
O9 - Extra button: BT Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\PROGRA~1\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\Office\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {2D8ED06D-3C30-438B-96AE-4D110FDC1FB8} (ActiveScan 2.0 Installer Class) - http://acs.pandasoft...s/as2stubie.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitd...can8/oscan8.cab
O18 - Protocol: skype4com - {FFC8B962-9B40-4DFF-9458-1830C7DD7F5D} - C:\PROGRA~1\COMMON~1\Skype\SKYPE4~1.DLL
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL
O23 - Service: Adobe Active File Monitor V5 (AdobeActiveFileMonitor5.0) - Unknown owner - C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - Unknown owner - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1150\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: KService - Unknown owner - C:\Program Files\Kontiki\KService.exe
O23 - Service: Odyssey Client (odClientService) - Funk Software, Inc. - C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: SmartLinkService (SLService) - - C:\WINDOWS\SYSTEM32\slserv.exe
O23 - Service: Symantec RemoteAssist - Symantec, Inc. - C:\Program Files\Common Files\Symantec Shared\Support Controls\ssrc.exe
O23 - Service: YPCService - Yahoo! Inc. - C:\WINDOWS\system32\YPCSER~1.EXE

--
End of file - 11946 bytes
  • 0

Advertisements


#2
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Welcome to GTG.

No need to purchase anything. We can usually clean out most computers using the free tools we have :)

Uninstall Kontiki via your Add/Remove Programs panel if you didn't install it.

Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Download ATF Cleaner at http://www.atribune..../click.php?id=1
Double-click ATF-Cleaner.exe to run the program. Under Main choose Select All
Click the Empty Selected button.

If you use the Firefox browser click Firefox at the top and choose Select All
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

If you use the Opera browser click 'Opera' at the top and choose 'Select All'
Click the Empty Selected button.
NOTE: If you would like to keep your saved passwords, please click No at the prompt.

Click Exit on the Main menu to close the program.


Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://uk.red.client...arch.yahoo.com/
O2 - BHO: {8b28f097-e4ff-68fa-fdf4-13f75b05667a} - {a76650b5-7f31-4fdf-af86-ff4e790f82b8} - C:\WINDOWS\system32\mwkzjd.dll (file missing)


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0

#3
Kevdj

Kevdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Thanks for answering my cal for help.

Before I follow your instructions, I have two questions:

I could not find Kontiki in my add/remove programmes list and the first two items to remove in the Hijackthis log, should I remove as I have BTYahoo as my ISP and homapage via a custom internet browser provided by the ISP?
  • 0

#4
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Proceed to Combofix....

You may keep the homepage if you use it.
  • 0

#5
Kevdj

Kevdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
Have followed your instructions (operation of combofix slightly different to that described in bleepingcomputer.com, it rebooted before creating the log).

Below is the Combofix log. :)

ComboFix 08-07-20.A0 - Kev 2008-07-21 20:34:23.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.507 [GMT 1:00]
Running from: C:\Documents and Settings\Kev\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kev\Desktop\WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gcjrdvec.ini
C:\WINDOWS\system32\IQYcMnmp.ini
C:\WINDOWS\system32\IQYcMnmp.ini2

.
((((((((((((((((((((((((( Files Created from 2008-06-21 to 2008-07-21 )))))))))))))))))))))))))))))))
.

2008-07-15 22:51 . 2008-07-15 22:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 19:35 . 2008-07-15 20:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 19:35 . 2008-07-15 19:35 <DIR> d-------- C:\Documents and Settings\Kev\Application Data\Malwarebytes
2008-07-15 19:35 . 2008-07-15 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 19:35 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 19:35 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 18:59 . 2008-07-15 19:06 <DIR> d-------- C:\Program Files\RegCure
2008-07-14 21:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-14 21:45 . 2008-07-14 21:45 <DIR> d-------- C:\Program Files\Panda Security
2008-07-14 21:25 . 2008-07-14 21:25 <DIR> d-------- C:\VundoFix Backups
2008-07-14 19:07 . 2008-07-14 20:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-14 16:08 . 2008-07-14 16:09 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-11 07:16 . 2008-07-11 07:16 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-11 06:52 . 2008-07-11 06:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-11 06:46 . 2008-07-14 21:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-11 06:46 . 2008-07-11 06:46 <DIR> d-------- C:\Documents and Settings\Kev\Application Data\SUPERAntiSpyware.com
2008-07-11 06:45 . 2008-07-11 06:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 21:51 . 2008-04-20 13:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-10 21:51 . 2008-07-10 21:51 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-10 19:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-10 19:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-10 19:41 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-10 19:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-10 19:41 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-10 19:41 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-10 19:41 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-10 19:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-10 19:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-21 19:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-21 19:43 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-21 19:40 7,304 ----a-w C:\WINDOWS\TMP0001.TMP
2008-07-21 19:28 --------- d-----w C:\Documents and Settings\Kev\Application Data\Skype
2008-07-19 07:31 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-14 18:01 --------- d-----w C:\Program Files\XoftSpySE
2008-07-11 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-07-01 10:04 --------- d-----w C:\Documents and Settings\Kev\Application Data\ErrorSmart
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-15 16:10 --------- d-----w C:\Documents and Settings\Kev\Application Data\Apple Computer
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-12 05:27 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2007-12-01 07:58 92,064 ----a-w C:\Documents and Settings\Kev\mqdmmdm.sys
2007-12-01 07:58 9,232 ----a-w C:\Documents and Settings\Kev\mqdmmdfl.sys
2007-12-01 07:58 79,328 ----a-w C:\Documents and Settings\Kev\mqdmserd.sys
2007-12-01 07:58 66,656 ----a-w C:\Documents and Settings\Kev\mqdmbus.sys
2007-12-01 07:58 6,208 ----a-w C:\Documents and Settings\Kev\mqdmcmnt.sys
2007-12-01 07:58 5,936 ----a-w C:\Documents and Settings\Kev\mqdmwhnt.sys
2007-12-01 07:58 4,048 ----a-w C:\Documents and Settings\Kev\mqdmcr.sys
2007-12-01 07:58 25,600 ----a-w C:\Documents and Settings\Kev\usbsermptxp.sys
2007-12-01 07:58 22,768 ----a-w C:\Documents and Settings\Kev\usbsermpt.sys
2007-08-06 07:19 5,396 ----a-w C:\Documents and Settings\laura haines\Application Data\wklnhst.dat
2007-05-11 17:14 2,731,376 ----a-w C:\Program Files\XoftSpySE431_232.exe
2006-12-13 22:40 44,262 ----a-w C:\Documents and Settings\Kev\Application Data\wklnhst.dat
2006-08-15 05:52 13,706,152 ----a-w C:\Program Files\zlsSetup_65_731_000_en.exe
2005-08-18 18:59 68,400 ----a-w C:\Documents and Settings\laura haines\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 18:32 1040832]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 18:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 13:00 335872]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2003-12-16 12:44 626746]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 21:00 270336]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 18:32 1040832]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 14:48 509224]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-12 06:28 1107848]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 09:42 202088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-03-13 14:30 652528]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 02:10 409600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 08:55 61440]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 09:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"kmw_run.exe"="kmw_run.exe" [2004-01-27 10:39 106496 C:\WINDOWS\system32\kmw_run.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 13:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-14 21:56 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Kensington\\MouseWorks\\k_update.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-12 06:27]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-10-27 14:17]
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [2004-01-27 10:39]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2004-01-27 10:39]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-26 03:46]
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2004-01-27 10:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea4d8d1-c0f8-11dc-b10d-00030d207216}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 22:00:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-15 02:30:00 C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job"
- C:\Program Files\ErrorSmart\ErrorSmart.ex
- C:\Program Files\ErrorSmart
"2008-07-14 18:00:00 C:\WINDOWS\Tasks\Norton Security Online - C drive - Kev.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exec/SE- /TASK:
"2008-07-14 18:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Kev.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-07-21 19:41:47 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-15 17:59:45 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-14 08:00:00 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2008-07-21 19:41:49 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-14 18:01:05 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
- - - - ORPHANS REMOVED - - - -

HKCU-Run-updateMgr - C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe


.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = hxxp://home.bt.yahoo.com
R0 -: HKLM-Main,Start Page = hxxp://home.bt.yahoo.com
R1 -: HKCU-Internet Settings,ProxyOverride = 127.0.0.1
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\Office\OFFICE11\EXCEL.EXE/3000
O8 -: Easy-WebPrint Add To Print List - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_AddToList.html
O8 -: Easy-WebPrint High Speed Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_HSPrint.html
O8 -: Easy-WebPrint Preview - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Preview.html
O8 -: Easy-WebPrint Print - C:\Program Files\Canon\Easy-WebPrint\Resource.dll/RC_Print.html
O8 -: eBay Search - C:\Program Files\eBay\eBay Toolbar2\eBayTb.dll/RCSearch.html

O16 -: Microsoft XML Parser for Java - file://C:\WINDOWS\Java\classes\xmldso.cab
C:\WINDOWS\Downloaded Program Files\Microsoft XML Parser for Java.osd


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-21 20:42:27
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\odClientService.exe
C:\Program Files\Adobe\Photoshop Elements 5.0\PhotoshopElementsFileAgent.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Kontiki\KService.exe
C:\Program Files\Common Files\Microsoft Shared\VS7Debug\MDM.EXE
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Windows Media Player\wmpnetwk.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\system32\kmw_show.exe
C:\PROGRA~1\Yahoo!\browser\ycommon.exe
C:\Program Files\Common Files\Teleca Shared\CapabilityManager.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\PROGRA~1\Yahoo!\MESSEN~1\Ymsgr_tray.exe
C:\PROGRA~1\Yahoo!\YOP\SSDK02.exe
C:\Program Files\Skype\Plugin Manager\skypePM.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
.
**************************************************************************
.
Completion time: 2008-07-21 20:48:47 - machine was rebooted [Kev]
ComboFix-quarantined-files.txt 2008-07-21 19:48:42

Pre-Run: 30,024,781,824 bytes free
Post-Run: 30,659,117,056 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect
C:\CMDCONS\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons

236 --- E O F --- 2008-07-21 18:24:24
  • 0

#6
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Uninstall ErrorSmart via the Add/Remove Programs panel if found.

Open up your Notepad editor (Start->Run, type in notepad and click OK). Copy the text from the quotebox below into Notepad:

File::
C:\WINDOWS\TMP0001.TMP
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
Folder::
C:\Documents and Settings\Kev\Application Data\ErrorSmart
C:\Program Files\ErrorSmart\

Save this as CFScript.txt in the same location as the ComboFix.exe tool.
Drag the CFScript.txt into ComboFix.exe
Follow the prompts. When finished, it shall produce a log for you. Post that log in your next reply.

Note: Do not click on combofix's window while it's running. That may cause it to stall.

How is the computer running so far?
  • 0

#7
Kevdj

Kevdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
My computer is running much faster than it has for a long while. Many thanks for your help so far. :)

Couldn't find error smart in add/remove programs but icon has been removed by the rerun of ComboFix.

Only problem I am getting is having to repair my wireless network connection a lot, especially on startup, but this is probably a problem requiring a new thread to be started.

Anyway here is my new ComboFix log.

ComboFix 08-07-20.A0 - Kev 2008-07-23 6:25:49.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.561 [GMT 1:00]
Running from: C:\Documents and Settings\Kev\Desktop\ComboFix.exe
Command switches used :: C:\Documents and Settings\Kev\Desktop\CFScript.txt
* Created a new restore point

FILE ::
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\TMP0001.TMP
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Kev\Application Data\ErrorSmart
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Log\2008 Jul 14 - 03_55_01 PM_640.log
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Log\2008 Jul 14 - 04_33_20 PM_390.log
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Log\2008 Jul 14 - 06_59_16 PM_046.log
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-04-27_14-36-46.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-04-27_14-47-12.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-04-27_14-47-54.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-04-27_20-14-40.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-05-02_19-26-25.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-05-07_05-52-16.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-05-09_20-36-46.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-05-22_06-07-24.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-06-04_18-34-04.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-06-09_20-20-50.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-06-14_12-01-21.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-06-21_07-52-00.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-07-02_05-32-35.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-07-09_06-24-36.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-07-10_22-12-51.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-07-11_21-17-09.reg
C:\Documents and Settings\Kev\Application Data\ErrorSmart\Registry Backups\2008-07-14_19-04-31.reg
C:\WINDOWS\Tasks\ErrorSmart Scheduled Scan.job
C:\WINDOWS\TMP0001.TMP

.
((((((((((((((((((((((((( Files Created from 2008-06-23 to 2008-07-23 )))))))))))))))))))))))))))))))
.

2008-07-15 22:51 . 2008-07-15 22:51 <DIR> d-------- C:\Program Files\Trend Micro
2008-07-15 19:35 . 2008-07-15 20:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-15 19:35 . 2008-07-15 19:35 <DIR> d-------- C:\Documents and Settings\Kev\Application Data\Malwarebytes
2008-07-15 19:35 . 2008-07-15 19:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-15 19:35 . 2008-07-07 17:35 34,296 --a------ C:\WINDOWS\system32\drivers\mbamcatchme.sys
2008-07-15 19:35 . 2008-07-07 17:35 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-15 18:59 . 2008-07-15 19:06 <DIR> d-------- C:\Program Files\RegCure
2008-07-14 21:46 . 2008-06-19 17:24 28,544 --a------ C:\WINDOWS\system32\drivers\pavboot.sys
2008-07-14 21:45 . 2008-07-14 21:45 <DIR> d-------- C:\Program Files\Panda Security
2008-07-14 21:25 . 2008-07-14 21:25 <DIR> d-------- C:\VundoFix Backups
2008-07-14 19:07 . 2008-07-14 20:54 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-07-14 16:08 . 2008-07-14 16:09 <DIR> d-------- C:\Program Files\RogueRemover FREE
2008-07-11 07:16 . 2008-07-11 07:16 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-07-11 06:52 . 2008-07-11 06:52 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-11 06:46 . 2008-07-14 21:56 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-11 06:46 . 2008-07-11 06:46 <DIR> d-------- C:\Documents and Settings\Kev\Application Data\SUPERAntiSpyware.com
2008-07-11 06:45 . 2008-07-11 06:45 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-07-10 21:51 . 2008-04-20 13:06 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Apple Computer
2008-07-10 21:51 . 2008-07-10 21:51 <DIR> d-------- C:\Documents and Settings\Administrator
2008-07-10 19:41 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-07-10 19:41 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-07-10 19:41 . 2008-05-29 09:35 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-07-10 19:41 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-07-10 19:41 . 2008-07-02 13:33 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-07-10 19:41 . 2008-05-23 18:21 81,920 --a------ C:\WINDOWS\system32\404Fix.exe
2008-07-10 19:41 . 2003-06-05 21:13 53,248 --a------ C:\WINDOWS\system32\Process.exe
2008-07-10 19:41 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-07-10 19:41 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-23 05:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kontiki
2008-07-23 05:27 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2008-07-23 05:16 --------- d-----w C:\Documents and Settings\Kev\Application Data\Skype
2008-07-19 07:31 --------- d-----w C:\Program Files\Spyware Doctor
2008-07-14 18:01 --------- d-----w C:\Program Files\XoftSpySE
2008-07-11 18:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\WholeSecurity
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:41 245,248 ----a-w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:41 148,992 ----a-w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-15 16:10 --------- d-----w C:\Documents and Settings\Kev\Application Data\Apple Computer
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\drivers\bthport.sys
2008-06-13 13:10 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-12 05:27 159,880 ----a-w C:\WINDOWS\system32\drivers\pctfw2.sys
2008-05-08 12:28 202,752 ----a-w C:\WINDOWS\system32\dllcache\rmcast.sys
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\quartz.dll
2008-05-07 05:18 1,287,680 ----a-w C:\WINDOWS\system32\dllcache\quartz.dll
2008-04-23 21:16 3,591,680 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2007-12-01 07:58 92,064 ----a-w C:\Documents and Settings\Kev\mqdmmdm.sys
2007-12-01 07:58 9,232 ----a-w C:\Documents and Settings\Kev\mqdmmdfl.sys
2007-12-01 07:58 79,328 ----a-w C:\Documents and Settings\Kev\mqdmserd.sys
2007-12-01 07:58 66,656 ----a-w C:\Documents and Settings\Kev\mqdmbus.sys
2007-12-01 07:58 6,208 ----a-w C:\Documents and Settings\Kev\mqdmcmnt.sys
2007-12-01 07:58 5,936 ----a-w C:\Documents and Settings\Kev\mqdmwhnt.sys
2007-12-01 07:58 4,048 ----a-w C:\Documents and Settings\Kev\mqdmcr.sys
2007-12-01 07:58 25,600 ----a-w C:\Documents and Settings\Kev\usbsermptxp.sys
2007-12-01 07:58 22,768 ----a-w C:\Documents and Settings\Kev\usbsermpt.sys
2007-08-06 07:19 5,396 ----a-w C:\Documents and Settings\laura haines\Application Data\wklnhst.dat
2007-05-11 17:14 2,731,376 ----a-w C:\Program Files\XoftSpySE431_232.exe
2006-12-13 22:40 44,262 ----a-w C:\Documents and Settings\Kev\Application Data\wklnhst.dat
2006-08-15 05:52 13,706,152 ----a-w C:\Program Files\zlsSetup_65_731_000_en.exe
2005-08-18 18:59 68,400 ----a-w C:\Documents and Settings\laura haines\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((( [email protected]_20.48.13.00 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-23 05:06:44 16,384 ----atw C:\WINDOWS\temp\Perflib_Perfdata_ec.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 13:00 15360]
"kdx"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 18:32 1040832]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"Yahoo! Pager"="C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2007-08-30 18:43 4670704]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2007-07-02 17:10 23237416]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-13 17:24 1694208]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2004-03-03 13:00 335872]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 11:50 155648]
"Microsoft Works Update Detection"="C:\Program Files\Common Files\Microsoft Shared\Works Shared\WkUFind.exe" [2003-06-10 00:11 50688]
"OdTray.exe"="C:\Program Files\Fujitsu Siemens Computers\Odyssey Client for Fujitsu Siemens Computers\OdTray.exe" [2003-12-16 12:44 626746]
"HydraVisionDesktopManager"="C:\Program Files\ATI Technologies\ATI HYDRAVISION\HydraDM.exe" [2003-09-15 21:00 270336]
"4oD"="C:\Program Files\Kontiki\KHost.exe" [2006-11-08 18:32 1040832]
"YOP"="C:\PROGRA~1\Yahoo!\YOP\yop.exe" [2007-06-26 14:48 509224]
"YBrowser"="C:\PROGRA~1\Yahoo!\browser\ybrwicon.exe" [2006-07-21 17:19 129536]
"ISTray"="C:\Program Files\Spyware Doctor\pctsTray.exe" [2008-06-12 06:28 1107848]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"TomTomHOME.exe"="C:\Program Files\TomTom HOME 2\HOMERunner.exe" [2008-05-06 09:42 202088]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2005-10-26 18:17 159744]
"eBayToolbar"="C:\Program Files\eBay\eBay Toolbar2\eBayTBDaemon.exe" [2008-03-13 14:30 652528]
"Easy-PrintToolBox"="C:\Program Files\Canon\Easy-PrintToolBox\BJPSMAIN.EXE" [2004-01-14 02:10 409600]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 23:16 39792]
"Adobe Photo Downloader"="C:\Program Files\Adobe\Photoshop Elements 5.0\apdproxy.exe" [2006-09-14 08:55 61440]
"ATIModeChange"="Ati2mdxx.exe" [2001-09-04 09:24 28672 C:\WINDOWS\system32\Ati2mdxx.exe]
"SoundMan"="SOUNDMAN.EXE" [2004-01-08 20:54 65536 C:\WINDOWS\SOUNDMAN.EXE]
"kmw_run.exe"="kmw_run.exe" [2004-01-27 10:39 106496 C:\WINDOWS\system32\kmw_run.exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 13:00 15360]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2004-08-04 13:00 53760 C:\WINDOWS\system32\narrator.exe]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Microsoft Office OneNote 2003 Quick Launch.lnk - C:\Program Files\Office\OFFICE11\ONENOTEM.EXE [2007-04-19 13:49:52 64864]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 10:13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-14 21:56 294912 C:\Program Files\SUPERAntiSpyware\SASWINLO.DLL

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"C:\\Program Files\\Kensington\\MouseWorks\\k_update.exe"=
"C:\\PROGRA~1\\Yahoo!\\MESSEN~1\\yserver.exe"=
"C:\\Program Files\\Yahoo!\\browser\\ybrowser.exe"=
"C:\\Program Files\\Valve\\Steam\\Steam.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kontiki\\KService.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

R0 pavboot;pavboot;C:\WINDOWS\system32\drivers\pavboot.sys [2008-06-19 17:24]
R1 pctfw2;pctfw2;C:\WINDOWS\system32\drivers\pctfw2.sys [2008-06-12 06:27]
R3 CONAN;CONAN;C:\WINDOWS\system32\drivers\o2mmb.sys [2003-10-27 14:17]
R3 KMW_KBD;Kensington Input Devices Class filter driver;C:\WINDOWS\system32\DRIVERS\KMW_KBD.sys [2004-01-27 10:39]
R3 KMW_SYS;Kensington MouseWorks Mouse filter driver;C:\WINDOWS\system32\DRIVERS\KMW_SYS.sys [2004-01-27 10:39]
R3 MbxStby;MbxStby;C:\WINDOWS\system32\drivers\MbxStby.sys [2003-08-26 03:46]
S3 KMW_USB;Kensington MouseWorks USB filter driver;C:\WINDOWS\system32\DRIVERS\KMW_USB.sys [2004-01-27 10:39]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2ea4d8d1-c0f8-11dc-b10d-00030d207216}]
\shell\AutoRun\command - F:\InstallTomTomHOME.exe

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2008-05-08 22:00:36 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-07-14 18:00:00 C:\WINDOWS\Tasks\Norton Security Online - C drive - Kev.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exec/SE- /TASK:
"2008-07-14 18:00:00 C:\WINDOWS\Tasks\Norton Security Online - Run Full System Scan - Kev.job"
- C:\PROGRA~1\Symantec\Norton AntiVirus\Navw32.exeh/TASK:
"2008-07-23 05:10:48 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-07-15 17:59:45 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-06-14 08:00:00 C:\WINDOWS\Tasks\XoftSpy.job"
- C:\Program Files\XoftSpy\XoftSpy.exe
"2008-07-23 05:10:48 C:\WINDOWS\Tasks\XoftSpySE 2.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
"2008-07-14 18:01:05 C:\WINDOWS\Tasks\XoftSpySE.job"
- C:\Program Files\XoftSpySE\XoftSpy.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-23 06:29:26
Windows 5.1.2600 Service Pack 2 NTFS

detected NTDLL code modification:
ZwClose

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\WINDOWS\system32\Ati2evxx.dll
.
Completion time: 2008-07-23 6:31:13
ComboFix-quarantined-files.txt 2008-07-23 05:30:45
ComboFix2.txt 2008-07-21 19:48:48

Pre-Run: 30,845,366,272 bytes free
Post-Run: 30,848,417,792 bytes free

223 --- E O F --- 2008-07-21 18:24:24
  • 0

#8
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
For the wireless issue, is it happening to your other computers (if you have more than one computer)? Are they using wireless as well? Did you try using a cable to see if it has the same issue? You may post this in the Networking board if it still has problems.

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.
  • 0

#9
Kevdj

Kevdj

    New Member

  • Topic Starter
  • Member
  • Pip
  • 8 posts
My computer is fine and all working well.

Many thanks for your help. My first time on one of these forums and the service is excellwnt will recomend to others.

:)
  • 0

#10
greyknight17

greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP