My computer is clean? [RESOLVED]


  • This topic is locked

#1
geekstomove

    Member

  • Member
  • 31 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 19:24:51, on 19.07.2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE
C:\WINDOWS\system32\AccelerometerSt.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe
C:\Program Files\McAfee\Common Framework\UdaterUI.exe
C:\Program Files\McAfee\Common Framework\McTray.exe
C:\WINDOWS\VM_STI.EXE
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe
C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe
C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
C:\Program Files\Hewlett-Packard\IAM\bin\asghost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\ifxspmgt.exe
C:\WINDOWS\system32\ifxtcs.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
C:\Program Files\Windows Live\Messenger\usnsvc.exe
C:\Program Files\Windows Live\Messenger\msnmsgr.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\Hewlett-Packard\Shared\HpqToaster.exe
C:\Program Files\iTunes\iTunes.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceHelper.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\distnoted.exe
D:\MalwareRemovalKit\HiJackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft....k/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,"C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe"
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - C:\Program Files\McAfee\VirusScan Enterprise\scriptcl.dll
O2 - BHO: (no name) - {7E853D72-626A-48EC-A868-BA8D5E23E045} - (no file)
O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\oggsys.dll
O2 - BHO: Windows Live Oturum Açma Yardım Aracı - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O2 - BHO: Credential Manager for HP ProtectTools - {DF21F1DB-80C6-11D3-9483-B03D0EC10000} - C:\Program Files\Hewlett-Packard\IAM\Bin\ItIEAddIn.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 7.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [PTHOSTTR] C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE /Start
O4 - HKLM\..\Run: [IFXSPMGT] C:\WINDOWS\system32\ifxspmgt.exe /NotifyLogon
O4 - HKLM\..\Run: [CognizanceTS] rundll32.exe C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll,RegisterModule
O4 - HKLM\..\Run: [AccelerometerSysTrayApplet] C:\WINDOWS\system32\AccelerometerSt.exe
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [Cpqset] C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe
O4 - HKLM\..\Run: [RoxioDragToDisc] "C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe"
O4 - HKLM\..\Run: [QlbCtrl] %ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
O4 - HKLM\..\Run: [WatchDog] C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O4 - HKLM\..\Run: [NeroFilterCheck] C:\WINDOWS\system32\NeroCheck.exe
O4 - HKLM\..\Run: [McAfeeUpdaterUI] "C:\Program Files\McAfee\Common Framework\UdaterUI.exe" /StartedFromRunKey
O4 - HKLM\..\Run: [SoftGridTray] C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe /autostart
O4 - HKLM\..\Run: [ShStatEXE] "C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" /STANDALONE
O4 - HKLM\..\Run: [BigDogPath] C:\WINDOWS\VM_STI.EXE Vimicro USB PC Camera (ZC0301PL)
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe"
O4 - HKLM\..\Run: [Acrobat Assistant 7.0] "C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe"
O4 - HKLM\..\Run: [SoundMAX] C:\Program Files\Analog Devices\SoundMAX\Smax4.exe /tray
O4 - HKLM\..\Run: [SoundMAXPnP] C:\Program Files\Analog Devices\Core\smax4pnp.exe
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [LightScribe Control Panel] C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe -hidden
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-21-1759716141-1523630854-2321340177-31875\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\ctfmon.exe (User '?')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\system32\CTFMON.EXE (User 'Default user')
O4 - S-1-5-21-1759716141-1523630854-2321340177-31875 Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE (User '?')
O4 - Startup: OneNote 2007 Screen Clipper and Launcher.lnk = C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE
O4 - Global Startup: Adobe Acrobat Speed Launcher.lnk = ?
O4 - Global Startup: Bluetooth.lnk = ?
O4 - Global Startup: DVD Check.lnk = C:\Program Files\InterVideo\DVD Check\DVDCheck.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_05\bin\ssv.dll
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {9E265649-6E0E-4EEA-9F49-DAE0801440CF} (WebDigiNet Control) - http://85.105.68.155/WebDiginet.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {D5D17C21-1719-4640-B0B2-4F3262419920} (JaguarEditControl-ISBANK) - https://www.isbank.c...Edit4ISBv27.CAB
O16 - DPF: {FE0BD779-44EE-4A4B-AA2E-743C63F2E5E6} (IWinAmpActiveX Class) - http://pdl.stream.ao.../ampx_en_dl.cab
O20 - AppInit_DLLs: APSHook.dll
O20 - Winlogon Notify: DeviceNP - C:\WINDOWS\SYSTEM32\DeviceNP.dll
O20 - Winlogon Notify: OneCard - C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Adobe Systems - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple, Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Ati HotKey Poller - ATI Technologies Inc. - C:\WINDOWS\system32\Ati2evxx.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
O23 - Service: HP ProtectTools Device Locking / Auditing (FLCDLOCK) - Hewlett-Packard Ltd - C:\WINDOWS\system32\flcdlock.exe
O23 - Service: Drive Encryption Service (HpFkCryptService) - SafeBoot International - C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: Security Platform Management Service (IFXSpMgtSrv) - Infineon Technologies AG - C:\WINDOWS\system32\ifxspmgt.exe
O23 - Service: Trusted Platform Core Service (IFXTCS) - Infineon Technologies AG - C:\WINDOWS\system32\ifxtcs.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: IviRegMgr - InterVideo - C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - C:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: McAfee Framework Service (McAfeeFramework) - McAfee, Inc. - C:\Program Files\McAfee\Common Framework\FrameworkService.exe
O23 - Service: McAfee McShield (McShield) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
O23 - Service: McAfee Task Manager (McTaskManager) - McAfee, Inc. - C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
O23 - Service: Personal Secure Drive service (PersonalSecureDriveService) - Infineon Technologies AG - C:\WINDOWS\system32\IfxPsdSv.exe
O23 - Service: RoxMediaDB9 - Sonic Solutions - C:\Program Files\Common Files\Roxio Shared\9.0\SharedCOM\RoxMediaDB9.exe
O23 - Service: SoftGrid Client (sftlist) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe
O23 - Service: SoftGrid Virtual Service Agent (sftvsa) - Softricity, Inc. - C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: SWIHPWMI - Sierra Wireless Inc. - C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe

--
End of file - 14098 bytes
  • 0


#2
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Please print the below instructions or copy them to Notepad. Make sure to work through the fixes in the order mentioned below. If there's anything that you don't understand, ask your question(s) before proceeding with the fixes.

Run a scan in HijackThis. Check each of the following if they still exist and hit 'Fix Checked' after you checked the last one:

O2 - BHO: WinView plugin - {8AE578E0-6DF5-41E0-869F-F65A32D2F6BD} - C:\WINDOWS\system32\oggsys.dll

Locate the following Files/Folders and delete them if they exist (if no location given, just do a search for them):

C:\WINDOWS\system32\oggsys.dll

Download Malwarebytes' Anti-Malware at http://www.besttechi.../mbam-setup.exe or http://www.majorgeek...ware_d5756.html

Double-click on mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select Perform Full Scan, then click Scan.
* The scan may take some time to finish, so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to restart (see Extra Note below).
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy & paste the entire report into your next reply.

Extra Note:
If MBAM encounters a file that is difficult to remove, you will be presented with 1 of 2 prompts. Click OK to either and let MBAM proceed with the disinfection process. If asked to restart the computer, please do so immediately.


Go to http://www.bleepingc...to-use-combofix and follow the instructions on how to install the Recovery Console and run ComboFix. Go through all the steps until posting the log part. Post the combofix log here.
  • 0

#3
geekstomove

    Member

  • Topic Starter
  • Member
  • 31 posts
Dear greyknight17,

First, I would like to thank you for your fast response. I really appreciate your effort and valuable help. I have done all the listed items. I am posting the logs below. I hope that I can have a clean computer.

I would like to remind you that after running ComboFix, I got some pop-up menus asking me to allow or deny some changes. These belong to Spybot Search & Destroy. I have told it to allow all the changes. I hope that I have done it correctly.

I really look forward to hearing from you soon. Thanks... Have a nice day.

Malwarebytes' Anti-Malware 1.21
Database version: 967
Windows 5.1.2600 Service Pack 2

01:07:10 20.07.2008
mbam-log-7-20-2008 (01-07-10).txt

Scan type: Full Scan (C:\|)
Objects scanned: 95830
Time elapsed: 32 minute(s), 47 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 4
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 3

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\Interface\{caf9d798-c659-4b9b-8e19-ee27c3d04ee7} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\Typelib\{15c7d7ad-a87a-4c0d-9d8b-637fcd3488ef} (Trojan.BHO) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho (Trojan.FakeAlert) -> Quarantined and deleted successfully.
HKEY_CLASSES_ROOT\bhonew.bho.1 (Trojan.FakeAlert) -> Quarantined and deleted successfully.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
C:\Program Files\QuickTime Alternative\quicktime_browser_plugin.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\Program Files\Real Alternative\realmedia_browser_plugin.exe (Rogue.Installer) -> Quarantined and deleted successfully.
C:\System Volume Information\_restore{1AC3E00B-2D51-4B1A-8FE7-CC85033E48A8}\RP178\A0036758.dll (Trojan.FakeAlert) -> Quarantined and deleted successfully.


ComboFix 08-07-19.1 - Administrator 2008-07-20 1:12:47.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1254.1.1033.18.1454 [GMT 3:00]
Running from: C:\Documents and Settings\Administrator.HP8510049\Desktop\ComboFix.exe
* Created a new restore point
* Resident AV is active

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Program Files\Hewlett-Packard\IAM\Bin\ASWLNPkg.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_ASBroker
-------\Service_ASBroker


((((((((((((((((((((((((( Files Created from 2008-06-19 to 2008-07-19 )))))))))))))))))))))))))))))))
.

2008-07-20 00:29 . 2008-07-20 00:29 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-20 00:29 . 2008-07-20 00:29 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-07-20 00:29 . 2008-07-20 00:29 <DIR> d-------- C:\Documents and Settings\Administrator.HP8510049\Application Data\Malwarebytes
2008-07-20 00:29 . 2008-07-18 19:15 36,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-07-20 00:29 . 2008-07-18 19:15 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-07-18 10:05 . 2008-07-18 10:05 4,566 --a------ C:\WINDOWS\imsins.BAK
2008-07-05 12:39 . 2007-07-13 12:24 3,107,788 -ra------ C:\WINDOWS\system32\ativvaxx.dat
2008-07-05 12:39 . 2007-07-13 12:24 3,107,788 -ra------ C:\WINDOWS\system32\ativva5x.dat
2008-07-05 12:39 . 2007-07-13 12:24 972,072 -ra------ C:\WINDOWS\system32\ativva6x.dat
2008-07-05 12:39 . 2007-07-13 12:53 339,968 -ra------ C:\WINDOWS\system32\ATIDEMGX.dll
2008-07-05 12:39 . 2007-07-13 12:51 307,200 -ra------ C:\WINDOWS\system32\atiiiexx.dll
2008-07-05 12:39 . 2007-04-05 22:15 144,357 -ra------ C:\WINDOWS\system32\atiicdxx.dat
2008-07-05 12:39 . 2007-04-04 03:05 7,069 -ra------ C:\WINDOWS\system32\atifglpf.xml
2008-07-05 12:38 . 2008-07-05 12:38 1,648 --a------ C:\WINDOWS\ATICIM.INI
2008-07-05 10:36 . 2008-07-05 10:36 <DIR> d-------- C:\ATI
2008-07-04 06:02 . 2008-07-04 06:02 <DIR> d-------- C:\Program Files\Spybot - Search & Destroy
2008-07-04 06:02 . 2008-07-04 06:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-07-04 05:49 . 2008-07-04 05:49 <DIR> d-------- C:\Program Files\Lavasoft
2008-07-04 05:49 . 2008-07-04 05:49 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-07-02 22:24 . 2008-07-02 22:24 <DIR> d-------- C:\Program Files\UPHClean
2008-07-02 11:28 . 2008-07-02 11:39 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-07-02 11:28 . 2008-07-02 11:28 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\SUPERAntiSpyware.com
2008-07-02 11:28 . 2008-07-02 11:39 <DIR> d-------- C:\Documents and Settings\Administrator.HP8510049\Application Data\SUPERAntiSpyware.com
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Program Files\MSXML 4.0
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Program Files\Digital Photo Recovery
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\WINDOWS
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\CyberSoft
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Contacts
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Bluetooth Software
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\SoftGrid Client
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\Schlumberger
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\Roxio
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\Media Player Classic
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\InterVideo
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\Infineon
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\hpqLog
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\DivX
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\ATI
2008-07-02 10:00 . 2008-07-02 10:00 <DIR> d-------- C:\Documents and Settings\mahira\Application Data\AdobeUM
2008-07-02 10:00 . 2008-07-03 23:03 <DIR> d-------- C:\Documents and Settings\mahira
2008-06-30 13:05 . 2008-06-30 13:14 <DIR> d-------- C:\Program Files\FreeUndelete
2008-06-30 05:50 . 2008-07-18 10:04 <DIR> d-------- C:\Program Files\Recuva
2008-06-29 06:28 . 2008-06-29 13:57 4,410 --a------ C:\WINDOWS\system32\tmp.reg
2008-06-29 05:00 . 2008-06-29 05:00 490 --a------ C:\HP_727
2008-06-29 03:52 . 2008-06-29 03:52 <DIR> d-------- C:\MISC
2008-06-29 03:50 . 2008-06-29 04:59 <DIR> d-------- C:\Program Files\RiteRecovery
2008-06-26 10:16 . 2008-06-26 10:16 <DIR> d-------- C:\WINDOWS\system32\URTTEMP
2008-06-25 06:07 . 2008-06-25 06:07 <DIR> d-------- C:\Program Files\CCleaner
2008-06-23 05:43 . 2008-06-23 05:43 <DIR> d-------- C:\WINDOWS\system32\tr-TR
2008-06-23 05:42 . 2008-06-23 05:42 <DIR> d-------- C:\WINDOWS\system32\XPSViewer
2008-06-23 05:42 . 2008-06-23 05:42 <DIR> d-------- C:\Program Files\Reference Assemblies
2008-06-23 05:41 . 2006-06-29 13:07 14,048 --------- C:\WINDOWS\system32\spmsg2.dll
2008-06-23 02:17 . 2008-06-23 02:20 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-06-23 00:23 . 2008-06-13 16:10 272,128 --------- C:\WINDOWS\system32\drivers\bthport.sys
2008-06-23 00:23 . 2008-06-13 16:10 272,128 -----c--- C:\WINDOWS\system32\dllcache\bthport.sys
2008-06-21 23:35 . 2008-06-21 23:35 21,037,056 -r-hs---- C:\SafeBoot.fs
2008-06-21 23:35 . 2008-06-21 23:35 589,824 -r-hs---- C:\SafeBoot.rsv

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-07-19 22:14 --------- d-----w C:\Documents and Settings\Administrator.HP8510049\Application Data\SoftGrid Client
2008-07-19 22:07 --------- d-----w C:\Program Files\Real Alternative
2008-07-19 22:07 --------- d-----w C:\Program Files\QuickTime Alternative
2008-07-19 21:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Microsoft Help
2008-07-18 07:04 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-04 02:48 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-06-30 02:16 --------- d-----w C:\Program Files\CardRecovery
2008-06-26 18:08 --------- d-----w C:\Documents and Settings\manager\Application Data\SoftGrid Client
2008-06-26 07:15 --------- d-----w C:\Program Files\Hewlett-Packard
2008-06-26 07:06 1,722 --sha-r C:\WINDOWS\system32\drivers\103C_HP_NTBK_HP Compaq 8510p_YN_0U_QCNU7503HSW_EU_46_I30C5_SHP_VKBC Version 71.36_B68MVD Ver. F.09_T071116_WXP2_L409_M2048_J160_7Intel_8Core2 Duo T7500_92.19_#080214_N14E44312_()_XMOBILE_CN10_Z_2F.09_G10029581.MRK
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-06-10 19:32 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-05-28 00:27 --------- d-----w C:\Program Files\Leica Microsystems
2008-05-28 00:26 --------- d-----w C:\Program Files\Leica Microsystems Wetzlar GmbH(2)
2008-05-27 23:22 --------- d-----w C:\Documents and Settings\Administrator.HP8510049\Application Data\Leica Microsystems
2008-05-27 22:58 --------- d-----w C:\Documents and Settings\Administrator.HP8510049\Application Data\Baumer Optronic
2008-05-27 22:57 --------- d-----w C:\Documents and Settings\All Users\Application Data\Leica Microsystems
2008-05-27 01:47 --------- d-----w C:\Program Files\Common Files\Adobe
2008-05-22 01:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\PeN-LAB
2008-05-20 10:55 --------- d-----w C:\Documents and Settings\Administrator.HP8510049\Application Data\InstallShield
2008-05-20 10:40 --------- d-----w C:\Program Files\Analog Devices
2008-05-19 16:17 --------- d-----w C:\Program Files\Common Files\Adobe Systems Shared
2008-05-19 16:17 --------- d-----w C:\Documents and Settings\All Users\Application Data\Adobe Systems
2008-05-19 15:23 --------- d-----w C:\Program Files\FileRecovery for SD
2008-05-19 15:03 --------- d-----w C:\Program Files\Stellar Phoenix DMR
2008-05-19 15:03 --------- d-----w C:\Program Files\Skype
2008-05-19 15:03 --------- d-----w C:\Program Files\MediaRECOVER
2008-05-19 15:03 --------- d-----w C:\Program Files\Data Doctor Recovery Memory Card
2008-05-19 15:03 --------- d-----w C:\Program Files\Data Doctor Recovery FAT
2008-05-19 15:03 --------- d-----w C:\Program Files\Data Doctor Recovery Digital Camera
2008-05-19 15:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Skype
2008-05-19 15:03 --------- d-----w C:\Documents and Settings\Administrator.HP8510049\Application Data\Skype
2008-05-19 13:52 --------- d-----w C:\Documents and Settings\Administrator.HP8510049\Application Data\skypePM
2008-05-19 05:22 --------- d-----w C:\Documents and Settings\Administrator.HP8510049\Application Data\Apple Computer
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 14:00 15360]
"LightScribe Control Panel"="C:\Program Files\Common Files\LightScribe\LightScribeControlPanel.exe" [2008-03-17 17:59 2289664]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2008-01-28 11:43 2097488]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PTHOSTTR"="C:\Program Files\Hewlett-Packard\HP ProtectTools Security Manager\PTHOSTTR.EXE" [2007-01-09 16:52 145184]
"IFXSPMGT"="C:\WINDOWS\system32\ifxspmgt.exe" [2007-05-23 17:04 677408]
"CognizanceTS"="C:\PROGRA~1\HEWLET~1\IAM\Bin\ASTSVCC.dll" [2003-12-22 20:12 17920]
"AccelerometerSysTrayApplet"="C:\WINDOWS\system32\AccelerometerSt.exe" [2007-01-24 15:28 124928]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-01-12 16:36 827392]
"Cpqset"="C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe" [2007-05-03 10:52 57344]
"RoxioDragToDisc"="C:\Program Files\Roxio\Drag-to-Disc\DrgToDsc.exe" [2007-02-02 10:00 1116920]
"WatchDog"="C:\Program Files\InterVideo\DVD Check\DVDCheck.exe" [2007-05-23 12:00 192512]
"NeroFilterCheck"="C:\WINDOWS\system32\NeroCheck.exe" [2001-07-09 12:50 155648]
"McAfeeUpdaterUI"="C:\Program Files\McAfee\Common Framework\UdaterUI.exe" [2007-10-25 16:06 136512]
"SoftGridTray"="C:\Program Files\Softricity\SoftGrid for Windows Desktops\SFTTray.exe" [2007-07-30 19:50 308592]
"ShStatEXE"="C:\Program Files\McAfee\VirusScan Enterprise\SHSTAT.EXE" [2007-10-16 21:50 111952]
"BigDogPath"="C:\WINDOWS\VM_STI.EXE" [2005-02-28 12:53 53248]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-03-28 23:37 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-03-30 10:36 267048]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_05\bin\jusched.exe" [2008-02-22 04:25 144784]
"Acrobat Assistant 7.0"="C:\Program Files\Adobe\Acrobat 7.0\Distillr\Acrotray.exe" [2004-12-14 02:12 483328]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2007-01-05 19:36 872448]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="C:\WINDOWS\system32\CTFMON.EXE" [2004-08-04 14:00 15360]

C:\Documents and Settings\mahira\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\Administrator.HP8510049\Start Menu\Programs\Startup\
OneNote 2007 Screen Clipper and Launcher.lnk - C:\Program Files\Microsoft Office\Office12\ONENOTEM.EXE [2006-10-26 21:24:54 98632]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Acrobat Speed Launcher.lnk - C:\WINDOWS\Installer\{AC76BA86-1033-0000-7760-000000000002}\SC_Acrobat.exe [2008-05-19 19:17:30 25214]
Bluetooth.lnk - C:\Program Files\WIDCOMM\Bluetooth Software\BTTray.exe [2007-02-06 16:14:00 561213]
DVD Check.lnk - C:\Program Files\InterVideo\DVD Check\DVDCheck.exe [2008-02-18 13:58:36 192512]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\userinit.exe,\"C:\\Program Files\\Softricity\\SoftGrid for Windows Desktops\\sftdcc.exe\""

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\DeviceNP]
2007-04-30 09:19 49152 C:\WINDOWS\system32\DeviceNP.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=APSHook.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.YV12"= yv12vfw.dll

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R0 SafeBoot;SafeBoot;C:\WINDOWS\system32\drivers\SafeBoot.sys [2007-04-26 20:23]
R0 SbAlg;SbAlg;C:\WINDOWS\system32\drivers\SbAlg.sys [2006-10-09 14:31]
R0 SbFsLock;SbFsLock;C:\WINDOWS\system32\drivers\SbFsLock.sys [2007-03-29 17:54]
R1 DLARTL_M;DLARTL_M;C:\WINDOWS\system32\Drivers\DLARTL_M.SYS [2007-02-08 21:05]
R1 PersonalSecureDrive;PersonalSecureDrive;C:\WINDOWS\system32\drivers\psd.sys [2007-04-18 22:32]
R1 RsvLock;RsvLock;C:\WINDOWS\system32\drivers\RsvLock.sys [2007-04-26 20:23]
R2 ASChannel;Local Communication Channel;C:\WINDOWS\System32\svchost.exe [2004-08-04 14:00]
R2 HpFkCryptService;Drive Encryption Service;C:\Program Files\Hewlett-Packard\Drive Encryption\HpFkCrypt.exe [2007-04-27 11:58]
R2 sftlist;SoftGrid Client;C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftlist.exe [2007-07-30 19:50]
R2 SWIHPWMI;SWIHPWMI;C:\Program Files\HPQ\Shared\Sierra Wireless\Win32\Unicode\SWIHPWMI.exe [2006-12-04 17:13]
R3 IFXTPM;IFXTPM;C:\WINDOWS\system32\DRIVERS\IFXTPM.SYS [2007-04-18 22:06]
R3 rismc32;RICOH Smart Card Reader;C:\WINDOWS\system32\DRIVERS\rismc32.sys [2006-12-20 01:08]
R3 sftfs;sftfs;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftfsXP.sys [2007-07-30 19:50]
R3 sftplay;sftplay;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftplayXP.sys [2007-07-30 19:49]
R3 sftvol;sftvol;C:\Program Files\Softricity\SoftGrid for Windows Desktops\drivers\sftvolXP.sys [2007-07-30 19:49]
R3 sftvsa;SoftGrid Virtual Service Agent;C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftvsa.exe [2007-07-30 19:49]
S3 FLCDLOCK;HP ProtectTools Device Locking / Auditing;C:\WINDOWS\system32\flcdlock.exe [2007-04-30 09:28]
S3 RimSerPort;RIM Virtual Serial Port;C:\WINDOWS\system32\DRIVERS\RimSerial.sys [2007-01-12 22:12]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
Cognizance REG_MULTI_SZ ASBroker ASChannel

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{503481c2-db2a-11dc-8d34-806d6172696f}]
\Shell\AutoRun\command - E:\setup.exe

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"C:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
"2008-07-07 09:00:06 C:\WINDOWS\Tasks\Security Platform Backup Schedule.job"
- C:\Program Files\Hewlett-Packard\Embedded Security Software\SpBackupWz.exe
.
- - - - ORPHANS REMOVED - - - -

Notify-OneCard - (no file)


**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-07-20 01:16:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = C:\Program Files\Hewlett-Packard\Default Settings\cpqset.exe????????T??????????????|?M?|?????M?|&?@

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\WINDOWS\system32\ati2evxx.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\ati2evxx.exe
C:\WINDOWS\system32\scardsvr.exe
C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\QLBCTRL.exe
C:\Program Files\McAfee\Common Framework\Mctray.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\WINDOWS\system32\IFXTCS.exe
C:\Program Files\Common Files\InterVideo\RegMgr\iviRegMgr.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\McAfee\Common Framework\FrameworkService.exe
C:\Program Files\McAfee\VirusScan Enterprise\Mcshield.exe
C:\Program Files\McAfee\VirusScan Enterprise\VsTskMgr.exe
C:\WINDOWS\system32\IfxPsdSv.exe
C:\Program Files\UPHClean\uphclean.exe
C:\Program Files\Hewlett-Packard\Shared\hpqWmiEx.exe
C:\Program Files\McAfee\Common Framework\naPrdMgr.exe
C:\Program Files\Softricity\SoftGrid for Windows Desktops\sftdcc.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Hewlett-Packard\Embedded Security Software\PSDrt.exe
.
**************************************************************************
.
Completion time: 2008-07-20 1:20:28 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-07-19 22:20:22

Pre-Run: 38,408,073,216 bytes free
Post-Run: 38,326,968,320 bytes free

238 --- E O F --- 2008-07-19 21:14:20

#4
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Yes, that's perfect. Forgot to mention that about TeaTimer. It will interfere with the fixes....so let the changes go through :)

Delete this file:

C:\WINDOWS\imsins.BAK

Good job. Your log is clean.

To help prevent future spyware infections, read the Anti-Spyware Tutorial and use the tools provided.

Are there any problems now? If none, go to Start->Run, copy/paste in combofix /u and hit OK to remove it. You should be set to go.

#5
geekstomove

    Member

  • Topic Starter
  • Member
  • 31 posts
Hello again,

Great to hear that I am on the right way... I have deleted the mentioned file. Actually, I have moved the ComboFix application file to another local disk to be able to use it in case of need. When I typed it in the Run window, it said it was unable to find it... I think it is OK...

I remember that I was infected while using IE. I have never had a problem with Firefox. Firefox is a very good browser for fighting against malware.

Actually, I have another problem related to my startup and antivirus program. I am using McAfee VirusScan, and on startup a yellow exclamation mark appears on the system tray icon. It causes my computer to start up slowly and prevents or delays other programs from loading... Do you have any idea about this? I really need your comments and suggestions.

Take care and have a nice day...

#6
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Is McAfee required to run on this computer? If not and you can switch, I highly recommend using AVG. The newest version has both the antivirus and antispyware built in. It's also free for personal use. If you want, uninstall McAfee and install AVG8 instead.

For Combofix, I recommend removing it. Point it to the path where you saved Combofix to remove it:

ex: E:\combofix.exe /u

That tool is constantly updated and it will expire. So there's no use holding onto it.

#7
geekstomove

    Member

  • Topic Starter
  • Member
  • 31 posts
Anyway, I will think about it. McAfee is not required... I have removed ComboFix as you told me to do. Now, I think I have a computer running free of malware... Is there anything that I need to do next? If there is, please let me know. In addition, if you have any further recommendations, I will be glad to hear them.

Thanks for your valuable help. Best wishes.....

#8
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
You may look at the Anti-Spyware Tutorial link I gave you earlier. Other than that, you are set to go :)

#9
greyknight17

    Malware Expert

  • Visiting Consultant
  • 16,560 posts
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help. :)

If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.

Everyone else please begin a New Topic.