Jump to content

Welcome to Geeks to Go - Register now for FREE

Geeks To Go is a helpful hub, where thousands of volunteer geeks quickly serve friendly answers and support. Check out the forums and get free advice from the experts. Register now to gain access to all of our features, it's FREE and only takes one minute. Once registered and logged in, you will be able to create topics, post replies to existing threads, give reputation to your fellow members, get your own private messenger, post status updates, manage your profile and so much more.

Create Account How it Works
Photo

antivirus 2008 has arrived yesterday 08/12/08 [RESOLVED]


  • This topic is locked This topic is locked

#16
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
your logs are looking pretty good now. the malwarebytes scan and the kaspersky scan only found trace items or items safely quarantined away or in the system restore points, which we will clear at the end.

in this post we will clear the remaining malware i can see. and we will remove the remants of norton you have on your machine. i also want to scan a couple of suspicious looking files.

a question first. is this meant to be your home page? callus.com


====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://srch-qus9.hpwis.com/

Now close all windows other than HiJackThis, then click Fix Checked. Close HiJackThis.



====STEP 2====
Removing Norton. if you want to remove the remnants carry on with this step. if you dont (or believe you have disabled it) then let me know and go onto the next step.

Go HERE and choose the product that is installed and then download the removal tool.
Run it and reboot.
This should get rid of Norton.



====STEP 3====
  • Please go to VirSCAN.org FREE on-line scan service
  • Copy and paste the following file path into the "Suspicious files to scan"box on the top of the page:

    • C:\Program Files\CncSetup453.exe
  • Click on the Upload button
  • Once the Scan is completed, click on the "Copy to Clipboard" button. This will copy the link of the report into the Clipboard.
  • Paste the contents of the Clipboard in your next reply.
and do the same with C:\WINDOWS\system32\7FFF4DEBD4.sys



====STEP 4====
1. Please open Notepad
  • Click Start , then Run
  • Type notepad .exe in the Run Box.

2. Now copy/paste the entire content of the codebox below into the Notepad window:

Registry::
[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]


3. Save the above as CFScript.txt

4. Then drag the CFScript.txt into ComboFix.exe as depicted in the animation below. This will start ComboFix again.

Posted Image


5. After reboot, (in case it asks to reboot), please post the following reports/logs into your next reply:
  • Combofix.txt
  • A new HijackThis log.

In your next reply could i see:
1. the answer to the question on your home page
2. the two virscan logs
3. the combofix log
4. a new hijackthis log
5. some idea of how your machine is running now

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

Advertisements


#17
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I changed my home page to callus.com because I thought that might stop the pop-ups etc. Steps 1 snd 2 are completed,however the link virSCAN.org is probable Japanese language. I searched a few sitec close to that and I don't see a suspicious file to scan area.
Kenny
  • 0

#18
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
hmmmm.....that is no use to man or beast.

lets try this:

Jotti File Submission:

Please go to Jotti's malware scan
Copy and paste the following file path into the "File to upload & scan"box on the top of the page:
C:\Program Files\CncSetup453.exe

Click on the submit button

Please also do the same with the following file:
C:\WINDOWS\system32\7FFF4DEBD4.sys



Please post the results of the scan in your next reply.

If Jotti is busy, try the same atVirustotal
  • 0

#19
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
In step 4 #4 do you want me to drag the cfScript to the new combo-fix file or the original combofix.
  • 0

#20
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
File to upload & scan:
Service
Service load: 0% 100%

File: 7FFF4DEBD4.sys
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ed8ded4e6aa00a93a4c4b2aea8f6f669
Packers detected: -

Scanner results
Scan taken on 16 Aug 2008 00:25:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by

File to upload & scan:
Service
Service load: 0% 100%

File: 7FFF4DEBD4.sys
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ed8ded4e6aa00a93a4c4b2aea8f6f669
Packers detected: -

Scanner results
Scan taken on 16 Aug 2008 00:25:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by

File to upload & scan:
Service
Service load: 0% 100%

File: 7FFF4DEBD4.sys
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ed8ded4e6aa00a93a4c4b2aea8f6f669
Packers detected: -

Scanner results
Scan taken on 16 Aug 2008 00:25:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by
File to upload & scan:
Service
Service load: 0% 100%

File: 7FFF4DEBD4.sys
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ed8ded4e6aa00a93a4c4b2aea8f6f669
Packers detected: -

Scanner results
Scan taken on 16 Aug 2008 00:25:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by
Here are the 2 virscan's
  • 0

#21
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
File to upload & scan:
Service
Service load: 0% 100%

File: 7FFF4DEBD4.sys
Status: OK(Note: file has been scanned before. Therefore, this file's scan results will not be stored in the database)
MD5: ed8ded4e6aa00a93a4c4b2aea8f6f669
Packers detected: -

Scanner results
Scan taken on 16 Aug 2008 00:25:34 (GMT)
A-Squared Found nothing
AntiVir Found nothing
ArcaVir Found nothing
Avast Found nothing
AVG Antivirus Found nothing
BitDefender Found nothing
ClamAV Found nothing
CPsecure Found nothing
Dr.Web Found nothing
F-Prot Antivirus Found nothing
F-Secure Anti-Virus Found nothing
Fortinet Found nothing
Ikarus Found nothing
Kaspersky Anti-Virus Found nothing
NOD32 Found nothing
Norman Virus Control Found nothing
Panda Antivirus Found nothing
Sophos Antivirus Found nothing
VirusBuster Found nothing
VBA32 Found nothing

Powered by
whoops again
  • 0

#22
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

In step 4 #4 do you want me to drag the cfScript to the new combo-fix file or the original combofix

stick with the new combo-fix
  • 0

#23
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
ComboFix 08-08-14.05 - Owner 2008-08-15 21:37:19.2 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\Combo-Fix.exe
Command switches used :: C:\Documents and Settings\Owner\Desktop\CFScript.txt
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HU6YSDUQ\interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\#SharedObjects\HU6YSDUQ\interclick.com\ud.sol
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com
C:\Documents and Settings\Owner\Application Data\macromedia\Flash Player\macromedia.com\support\flashplayer\sys\#interclick.com\settings.sol
C:\Documents and Settings\Owner\cookies\[email protected][1].txt

.
((((((((((((((((((((((((( Files Created from 2008-07-16 to 2008-08-16 )))))))))))))))))))))))))))))))
.

2008-08-14 15:05 . 2008-08-14 15:05 <DIR> d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-08-14 15:05 . 2008-07-30 20:07 38,472 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-08-14 15:05 . 2008-07-30 20:07 17,144 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-08-14 15:04 . 2008-08-14 15:05 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-08-14 15:04 . 2008-08-14 15:04 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-08-14 12:53 . 2008-05-01 10:30 331,776 -----c--- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-14 11:16 . 2008-08-14 11:20 <DIR> d-------- C:\ComboFix
2008-08-14 10:27 . 2008-08-15 13:29 <DIR> d--h----- C:\$AVG8.VAULT$
2008-08-14 10:08 . 2008-08-14 10:08 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-08-14 10:08 . 2008-08-14 10:08 76,040 --a------ C:\WINDOWS\system32\drivers\avgtdix.sys
2008-08-14 10:08 . 2008-08-14 10:08 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-08-14 10:07 . 2008-08-14 10:25 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-08-14 09:59 . 2008-08-14 10:00 48,367,896 --a------ C:\avg_free_stf_en_8_138a1332.exe
2008-08-13 15:59 . 2008-08-13 15:59 <DIR> d-------- C:\Program Files\Trend Micro
2008-08-13 13:33 . 2008-08-14 10:07 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Avg8
2008-08-12 15:06 . 2008-08-12 15:06 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-07-29 10:27 . 2008-07-29 10:27 <DIR> d-------- C:\Program Files\Sun

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-08-15 23:21 --------- d-----w C:\Program Files\Norton AntiVirus
2008-08-15 23:21 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-07-29 14:26 --------- d-----w C:\Program Files\Java
2008-06-20 10:45 360,320 ----a-w C:\WINDOWS\system32\drivers\tcpip.sys
2008-06-20 10:44 138,368 ----a-w C:\WINDOWS\system32\drivers\afd.sys
2008-06-20 09:52 225,920 ----a-w C:\WINDOWS\system32\drivers\tcpip6.sys
2008-05-26 22:49 737,280 ----a-w C:\WINDOWS\iun6002.exe
2008-05-26 22:49 4,114,451 ----a-w C:\Program Files\CncSetup453.exe
2008-05-12 16:19 47,787,248 ----a-w C:\Program Files\avg_free_stf_en_8_100a1295.exe
2004-05-01 03:09 0 --sha-w C:\WINDOWS\SMINST\HPCD.sys
2005-07-13 13:00 56 --sh--r C:\WINDOWS\system32\7FFF4DEBD4.sys
2008-04-13 17:29 848 --sha-w C:\WINDOWS\system32\KGyGaAvL.sys
.

((((((((((((((((((((((((((((( [email protected]_12.45.53.03 )))))))))))))))))))))))))))))))))))))))))
.
+ 2008-07-07 20:06:43 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP2QFE\es.dll
+ 2008-07-07 20:26:58 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3GDR\es.dll
+ 2008-07-07 20:23:18 253,952 ----a-w C:\WINDOWS\$hf_mig$\KB950974\SP3QFE\es.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB950974\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\spcustom.dll
+ 2007-11-30 12:39:18 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\update.exe
+ 2007-11-30 12:39:19 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB950974\update\updspapi.dll
+ 2008-07-14 11:03:00 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP2QFE\tzchange.exe
+ 2008-07-11 12:42:28 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3GDR\tzchange.exe
+ 2008-07-11 12:51:51 62,976 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\SP3QFE\tzchange.exe
+ 2007-11-30 11:18:51 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spmsg.dll
+ 2007-11-30 11:18:51 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\spuninst.exe
+ 2007-11-30 11:18:51 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB951072-v2\update\updspapi.dll
+ 2008-06-24 16:28:00 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP2QFE\mscms.dll
+ 2008-06-24 16:43:16 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3GDR\mscms.dll
+ 2008-06-24 16:53:10 74,240 ----a-w C:\WINDOWS\$hf_mig$\KB952954\SP3QFE\mscms.dll
+ 2007-11-30 12:39:22 17,272 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spmsg.dll
+ 2007-11-30 12:39:22 231,288 ----a-w C:\WINDOWS\$hf_mig$\KB952954\spuninst.exe
+ 2007-11-30 12:39:22 26,488 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\spcustom.dll
+ 2007-11-30 12:39:22 755,576 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\update.exe
+ 2007-11-30 12:39:22 382,840 ----a-w C:\WINDOWS\$hf_mig$\KB952954\update\updspapi.dll
+ 2008-04-23 04:16:28 124,928 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\advpack.dll
+ 2008-04-23 04:16:28 347,136 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtmsft.dll
+ 2008-04-23 04:16:28 214,528 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\dxtrans.dll
+ 2008-04-23 04:16:28 133,120 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\extmgr.dll
+ 2008-04-23 04:16:28 63,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\icardie.dll
+ 2008-04-22 07:39:58 70,656 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ie4uinit.exe
+ 2008-04-23 04:16:28 153,088 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakeng.dll
+ 2008-04-23 04:16:28 230,400 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieaksie.dll
+ 2008-04-20 05:07:51 161,792 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieakui.dll
+ 2008-04-23 04:16:28 383,488 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieapfltr.dll
+ 2008-04-23 04:16:28 384,512 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iedkcs32.dll
+ 2008-04-23 04:16:28 6,066,176 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieframe.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iernonce.dll
+ 2008-04-23 04:16:28 267,776 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iertutil.dll
+ 2008-04-22 07:39:58 13,824 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\ieudinit.exe
+ 2008-04-22 07:40:18 625,664 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\iexplore.exe
+ 2008-04-23 04:16:28 27,648 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\jsproxy.dll
+ 2008-04-23 04:16:28 459,264 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeeds.dll
+ 2008-04-23 04:16:28 52,224 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msfeedsbs.dll
+ 2008-04-24 02:16:30 3,591,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtml.dll
+ 2008-04-23 04:16:28 478,208 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mshtmled.dll
+ 2008-04-23 04:16:28 193,024 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\msrating.dll
+ 2008-04-23 04:16:28 671,232 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\mstime.dll
+ 2008-04-23 04:16:28 102,912 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\occache.dll
+ 2008-04-23 04:16:28 44,544 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\pngfilt.dll
+ 2007-03-06 01:22:39 213,216 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\spuninst.exe
+ 2007-03-06 01:23:51 371,424 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\spuninst\updspapi.dll
+ 2008-04-23 04:16:28 105,984 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\url.dll
+ 2008-04-23 04:16:29 1,159,680 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\urlmon.dll
+ 2008-04-23 04:16:29 233,472 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\webcheck.dll
+ 2008-04-23 04:16:29 826,368 -c----w C:\WINDOWS\ie7updates\KB953838-IE7\wininet.dll
- 2008-04-23 04:16:28 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
+ 2008-06-23 16:57:27 124,928 ----a-w C:\WINDOWS\system32\advpack.dll
- 2008-04-23 04:16:28 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
+ 2008-06-23 16:57:27 124,928 -c--a-w C:\WINDOWS\system32\dllcache\advpack.dll
- 2008-04-23 04:16:28 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 -c--a-w C:\WINDOWS\system32\dllcache\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 -c--a-w C:\WINDOWS\system32\dllcache\dxtrans.dll
+ 2008-07-07 20:32:22 253,952 -c----w C:\WINDOWS\system32\dllcache\es.dll
- 2008-04-23 04:16:28 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
+ 2008-06-23 16:57:27 133,120 -c--a-w C:\WINDOWS\system32\dllcache\extmgr.dll
- 2008-04-23 04:16:28 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
+ 2008-06-23 16:57:28 63,488 -c--a-w C:\WINDOWS\system32\dllcache\icardie.dll
- 2008-04-22 07:39:58 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 -c--a-w C:\WINDOWS\system32\dllcache\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 -c--a-w C:\WINDOWS\system32\dllcache\ieakeng.dll
- 2008-04-23 04:16:28 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 -c--a-w C:\WINDOWS\system32\dllcache\ieaksie.dll
- 2008-04-20 05:07:51 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
+ 2008-06-21 05:23:54 161,792 -c--a-w C:\WINDOWS\system32\dllcache\ieakui.dll
- 2008-04-23 04:16:28 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 -c--a-w C:\WINDOWS\system32\dllcache\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 -c--a-w C:\WINDOWS\system32\dllcache\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 -c--a-w C:\WINDOWS\system32\dllcache\ieframe.dll
- 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
+ 2008-06-23 16:57:33 44,544 -c--a-w C:\WINDOWS\system32\dllcache\iernonce.dll
- 2008-04-23 04:16:28 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
+ 2008-06-23 16:57:34 267,776 -c--a-w C:\WINDOWS\system32\dllcache\iertutil.dll
- 2008-04-22 07:39:58 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 -c--a-w C:\WINDOWS\system32\dllcache\ieudinit.exe
- 2008-04-22 07:40:18 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
+ 2008-06-23 09:20:52 625,664 -c--a-w C:\WINDOWS\system32\dllcache\iexplore.exe
- 2007-08-21 06:15:44 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 -c--a-w C:\WINDOWS\system32\dllcache\inetcomm.dll
- 2008-04-23 04:16:28 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 -c--a-w C:\WINDOWS\system32\dllcache\jsproxy.dll
+ 2008-06-24 16:23:05 74,240 -c----w C:\WINDOWS\system32\dllcache\mscms.dll
- 2008-04-23 04:16:28 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 -c--a-w C:\WINDOWS\system32\dllcache\msfeeds.dll
- 2008-04-23 04:16:28 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 -c--a-w C:\WINDOWS\system32\dllcache\msfeedsbs.dll
- 2008-04-24 02:16:30 3,591,680 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
+ 2008-06-24 14:57:40 3,592,192 -c--a-w C:\WINDOWS\system32\dllcache\mshtml.dll
- 2008-04-23 04:16:28 478,208 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 -c--a-w C:\WINDOWS\system32\dllcache\mshtmled.dll
- 2008-04-23 04:16:28 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
+ 2008-06-23 16:57:39 193,024 -c--a-w C:\WINDOWS\system32\dllcache\msrating.dll
- 2008-04-23 04:16:28 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
+ 2008-06-23 16:57:40 671,232 -c--a-w C:\WINDOWS\system32\dllcache\mstime.dll
- 2008-04-23 04:16:28 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
+ 2008-06-23 16:57:40 102,912 -c--a-w C:\WINDOWS\system32\dllcache\occache.dll
- 2008-04-23 04:16:28 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 -c--a-w C:\WINDOWS\system32\dllcache\pngfilt.dll
- 2008-04-23 04:16:28 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
+ 2008-06-23 16:57:40 105,984 -c--a-w C:\WINDOWS\system32\dllcache\url.dll
- 2008-04-23 04:16:29 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 -c--a-w C:\WINDOWS\system32\dllcache\urlmon.dll
- 2008-04-23 04:16:29 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
+ 2008-06-23 16:57:41 233,472 -c--a-w C:\WINDOWS\system32\dllcache\webcheck.dll
- 2008-04-23 04:16:29 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
+ 2008-06-23 16:57:41 826,368 -c--a-w C:\WINDOWS\system32\dllcache\wininet.dll
- 2008-04-23 04:16:28 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
+ 2008-06-23 16:57:27 347,136 ----a-w C:\WINDOWS\system32\dxtmsft.dll
- 2008-04-23 04:16:28 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
+ 2008-06-23 16:57:27 214,528 ----a-w C:\WINDOWS\system32\dxtrans.dll
- 2005-07-26 04:39:45 243,200 ----a-w C:\WINDOWS\system32\es.dll
+ 2008-07-07 20:32:22 253,952 ----a-w C:\WINDOWS\system32\es.dll
- 2008-04-23 04:16:28 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
+ 2008-06-23 16:57:27 133,120 ----a-w C:\WINDOWS\system32\extmgr.dll
- 2008-04-23 04:16:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
+ 2008-06-23 16:57:28 63,488 ----a-w C:\WINDOWS\system32\icardie.dll
- 2008-04-22 07:39:58 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
+ 2008-06-23 09:20:25 70,656 ----a-w C:\WINDOWS\system32\ie4uinit.exe
- 2008-04-23 04:16:28 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
+ 2008-06-23 16:57:29 153,088 ----a-w C:\WINDOWS\system32\ieakeng.dll
- 2008-04-23 04:16:28 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
+ 2008-06-23 16:57:29 230,400 ----a-w C:\WINDOWS\system32\ieaksie.dll
- 2008-04-20 05:07:51 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
+ 2008-06-21 05:23:54 161,792 ----a-w C:\WINDOWS\system32\ieakui.dll
- 2008-04-23 04:16:28 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
+ 2008-06-23 16:57:29 383,488 ----a-w C:\WINDOWS\system32\ieapfltr.dll
- 2008-04-23 04:16:28 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
+ 2008-06-23 16:57:29 384,512 ----a-w C:\WINDOWS\system32\iedkcs32.dll
- 2008-04-23 04:16:28 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
+ 2008-06-23 16:57:33 6,066,176 ----a-w C:\WINDOWS\system32\ieframe.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
+ 2008-06-23 16:57:33 44,544 ----a-w C:\WINDOWS\system32\iernonce.dll
- 2008-04-23 04:16:28 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
+ 2008-06-23 16:57:34 267,776 ----a-w C:\WINDOWS\system32\iertutil.dll
- 2008-04-22 07:39:58 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
+ 2008-06-23 09:20:26 13,824 ----a-w C:\WINDOWS\system32\ieudinit.exe
- 2007-08-21 06:15:44 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
+ 2008-04-11 18:50:43 683,520 ----a-w C:\WINDOWS\system32\inetcomm.dll
- 2008-04-23 04:16:28 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
+ 2008-06-23 16:57:35 27,648 ----a-w C:\WINDOWS\system32\jsproxy.dll
- 2007-10-11 18:12:48 1,468,968 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
+ 2008-03-20 22:06:36 1,480,232 ----a-w C:\WINDOWS\system32\LegitCheckControl.dll
- 2008-06-25 16:15:46 17,972,344 ----a-w C:\WINDOWS\system32\MRT.exe
+ 2008-08-05 18:11:01 15,888,504 ----a-w C:\WINDOWS\system32\MRT.exe
- 2005-06-29 01:46:00 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
+ 2008-06-24 16:23:05 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
- 2008-04-23 04:16:28 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
+ 2008-06-23 16:57:36 459,264 ----a-w C:\WINDOWS\system32\msfeeds.dll
- 2008-04-23 04:16:28 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
+ 2008-06-23 16:57:36 52,224 ----a-w C:\WINDOWS\system32\msfeedsbs.dll
- 2008-04-24 02:16:30 3,591,680 ----a-w C:\WINDOWS\system32\mshtml.dll
+ 2008-06-24 14:57:40 3,592,192 ----a-w C:\WINDOWS\system32\mshtml.dll
- 2008-04-23 04:16:28 478,208 ----a-w C:\WINDOWS\system32\mshtmled.dll
+ 2008-06-23 16:57:39 477,696 ----a-w C:\WINDOWS\system32\mshtmled.dll
- 2008-04-23 04:16:28 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
+ 2008-06-23 16:57:39 193,024 ----a-w C:\WINDOWS\system32\msrating.dll
- 2008-04-23 04:16:28 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
+ 2008-06-23 16:57:40 671,232 ----a-w C:\WINDOWS\system32\mstime.dll
- 2008-04-23 04:16:28 102,912 ----a-w C:\WINDOWS\system32\occache.dll
+ 2008-06-23 16:57:40 102,912 ----a-w C:\WINDOWS\system32\occache.dll
- 2008-04-23 04:16:28 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
+ 2008-06-23 16:57:40 44,544 ----a-w C:\WINDOWS\system32\pngfilt.dll
- 2007-11-13 11:31:11 60,416 ----a-w C:\WINDOWS\system32\tzchange.exe
+ 2008-07-14 11:09:18 62,976 ----a-w C:\WINDOWS\system32\tzchange.exe
- 2008-04-23 04:16:28 105,984 ----a-w C:\WINDOWS\system32\url.dll
+ 2008-06-23 16:57:40 105,984 ----a-w C:\WINDOWS\system32\url.dll
- 2008-04-23 04:16:29 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
+ 2008-06-23 16:57:40 1,159,680 ----a-w C:\WINDOWS\system32\urlmon.dll
- 2008-04-23 04:16:29 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
+ 2008-06-23 16:57:41 233,472 ----a-w C:\WINDOWS\system32\webcheck.dll
- 2008-04-23 04:16:29 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
+ 2008-06-23 16:57:41 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
.
-- Snapshot reset to current date --
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"LogitechSoftwareUpdate"="C:\Program Files\Logitech\Video\ManifestEngine.exe" [2005-01-18 17:07 196608]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 00:56 15360]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.Exe" [2007-01-19 12:54 5674352]
"WMPNSCFG"="C:\Program Files\Windows Media Player\WMPNSCFG.exe" [2006-10-18 21:05 204288]
"EPSON Stylus C42 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" [2002-02-19 04:03 74240]
"MoneyAgent"="C:\Program Files\Microsoft Money\System\mnyexpr.exe" [2002-07-17 21:00 200767]
"NVIEW"="nview.dll" [2003-05-03 02:19 835654 C:\WINDOWS\system32\nview.dll]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-02-06 20:43 155648]
"TkBellExe"="C:\Program Files\Common Files\Real\Update_OB\realsched.exe" [2005-11-28 22:31 180269]
"EPSON Stylus C42 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE" [2002-02-19 04:03 74240]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 04:27 144784]
"AVG8_TRAY"="C:\PROGRA~1\AVG\AVG8\avgtray.exe" [2008-08-14 10:07 1232152]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38 39264]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\RunOnce]
"RunNarrator"="Narrator.exe" [2006-10-04 04:48 53760 C:\WINDOWS\system32\narrator.exe]

C:\WINDOWS\system32\config\systemprofile\Start Menu\Programs\Startup\
mod_sm.lnk - C:\hp\bin\cloaker.exe [1999-11-07 10:11:14 27136]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Adobe Reader Speed Launch.lnk - C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2008-04-23 03:38:16 29696]
Logitech Desktop Messenger.lnk - C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe [2005-10-01 10:41:19 450560]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\OPXPGina]
2003-02-21 06:50 40960 C:\Program Files\Softex\OmniPass\OPXPGina.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusOverride"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\backWeb-8876480.exe"=
"C:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"C:\\WINDOWS\\system32\\fxsclnt.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgemc.exe"=
"C:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

R1 AvgLdx86;AVG Free AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-08-14 10:08]
R2 avg8emc;AVG Free8 E-mail Scanner;C:\PROGRA~1\AVG\AVG8\avgemc.exe [2008-08-14 10:07]
R2 avg8wd;AVG Free8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-08-14 10:07]
R2 AvgTdiX;AVG Free8 Network Redirector;C:\WINDOWS\system32\Drivers\avgtdix.sys [2008-08-14 10:08]

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder

2008-08-15 C:\WINDOWS\Tasks\MP Scheduled Scan.job
- C:\Program Files\Windows Defender\MpCmdRun.exe [2006-11-03 19:20]
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-08-15 21:45:56
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

PROCESS: C:\WINDOWS\system32\winlogon.exe
-> C:\Program Files\Softex\OmniPass\opxpgina.dll
.
Completion time: 2008-08-15 21:53:39
ComboFix-quarantined-files.txt 2008-08-16 01:53:32
ComboFix2.txt 2008-08-14 16:48:43

Pre-Run: 61,433,360,384 bytes free
Post-Run: 61,482,549,248 bytes free

314 --- E O F --- 2008-08-15 07:09:02
  • 0

#24
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:15:40 PM, on 8/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Softex\OmniPass\Omniserv.exe
C:\WINDOWS\System32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\PROGRA~1\AVG\AVG8\avgemc.exe
C:\Program Files\Softex\OmniPass\OPXPApp.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\PROGRA~1\AVG\AVG8\avgtray.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\MSN Messenger\MsnMsgr.Exe
C:\Program Files\Windows Media Player\WMPNSCFG.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\WINDOWS\system32\NOTEPAD.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = callus.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft....k/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft....k/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft....k/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft....k/?LinkId=69157
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = localhost;<local>
O2 - BHO: (no name) - {243B17DE-77C7-46BF-B94B-0B5F309A0E64} - C:\Program Files\Microsoft Money\System\mnyside.dll
O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [TkBellExe] "C:\Program Files\Common Files\Real\Update_OB\realsched.exe" -osboot
O4 - HKLM\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /P23 "EPSON Stylus C42 Series" /O6 "USB001" /M "Stylus C42"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe
O4 - HKCU\..\Run: [NVIEW] rundll32.exe nview.dll,nViewLoadHook
O4 - HKCU\..\Run: [LogitechSoftwareUpdate] "C:\Program Files\Logitech\Video\ManifestEngine.exe" boot
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msnmsgr] "C:\Program Files\MSN Messenger\MsnMsgr.Exe" /background
O4 - HKCU\..\Run: [WMPNSCFG] C:\Program Files\Windows Media Player\WMPNSCFG.exe
O4 - HKCU\..\Run: [EPSON Stylus C42 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_S10IC1.EXE /A "C:\WINDOWS\system32\E_S1B2.tmp"
O4 - HKCU\..\Run: [MoneyAgent] "C:\Program Files\Microsoft Money\System\mnyexpr.exe"
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\S-1-5-18\..\RunOnce: [RunNarrator] Narrator.exe (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - HKUS\.DEFAULT\..\RunOnce: [RunNarrator] Narrator.exe (User 'Default user')
O4 - S-1-5-18 Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'SYSTEM')
O4 - .DEFAULT Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - .DEFAULT User Startup: mod_sm.lnk = C:\hp\bin\cloaker.exe (User 'Default user')
O4 - Global Startup: Adobe Reader Speed Launch.lnk = C:\Program Files\Adobe\Acrobat 7.0\Reader\reader_sl.exe
O4 - Global Startup: Logitech Desktop Messenger.lnk = C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LDMConf.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: MoneySide - {E023F504-0C5A-4750-A1E7-A9046DEA8A21} - C:\Program Files\Microsoft Money\System\mnyside.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\nwprovau.dll
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - http://echat.bellsou...oad/tgctlcm.cab
O16 - DPF: {04E214E5-63AF-4236-83C6-A7ADCBF9BD02} (HouseCall Control) - http://housecall60.t...all/xscan60.cab
O16 - DPF: {11260943-421B-11D0-8EAC-0000C07D88CF} (iPIX ActiveX Control) - http://www.ipix.com/download/ipixx.cab
O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://update.micros...b?1121527955640
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.micros...b?1121545188968
O16 - DPF: {7E9522CF-6B95-46D6-8E2F-7638F507313F} (BLS_SpeedOP.systemcheck) - http://www.fastacces...bls_speedop.cab
O16 - DPF: {90C9629E-CD32-11D3-BBFB-00105A1F0D68} (InstallShield International Setup Player) - http://www.lowrance....M68C/isetup.cab
O16 - DPF: {9841D1AE-9C0B-11D3-9452-00105A098C21} (Pegasus PrintPRO Control v2.0) - http://www.cherokeen...ls/prntpro2.CAB
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.c.../cpcScanner.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn...pDownloader.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O20 - AppInit_DLLs: avgrsstx.dll
O23 - Service: AVG Free8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe
O23 - Service: AVG Free8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPodService - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NVIDIA Driver Helper Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\System32\nvsvc32.exe
O23 - Service: Softex OmniPass Service (omniserv) - Unknown owner - C:\Program Files\Softex\OmniPass\Omniserv.exe

--
End of file - 8341 bytes
OK that is all I think. AVG found a virus yesterday AM and the PC re-boots and turns on slowly, but it has been slow a long time. One newish little problem. I got a screen saying something like your virtual memory is low blah blah. That is all I have noticed
Kenny
  • 0

#25
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts

AVG found a virus yesterday AM

looks like combofix cleared it out, but we will do a couple of scans to make sure

One newish little problem. I got a screen saying something like your virtual memory is low blah blah

we will take a look into this.

the PC re-boots and turns on slowly, but it has been slow a long time.

if it was pre-the infection then i suspect it is related to you machine. once we are done here then i can send you to another part of the forum who are much better able to help you with this matter.

from here no in, make sure your AVG is active and updated.


====STEP 1====
Please re-open HiJackThis and scan. Check the boxes next to all the entries listed below.

O16 - DPF: {1F2F4C9E-6F09-47BC-970D-3C54734667FE} - http://www.symantec....rl/LSSupCtl.cab
O16 - DPF: {3451DEDE-631F-421C-8127-FD793AFC6CC8} (ActiveDataInfo Class) - http://www.symantec....rl/SymAData.cab
O16 - DPF: {44990200-3C9D-426D-81DF-AAB636FA4345} (Symantec SmartIssue) - https://www-secure.s...trl/tgctlsi.cab
O16 - DPF: {44990301-3C9D-426D-81DF-AAB636FA4345} (Symantec Script Runner Class) - https://www-secure.s...trl/tgctlsr.cab
O16 - DPF: {CE28D5D2-60CF-4C7D-9FE8-0F47A3308078} (ActiveDataInfo Class) - http://www.symantec....sa/SymAData.cab

Now close all windows other than HiJackThis, then click Fix Checked.



====STEP 2====
Download and scan with SUPERAntiSpyware Free for Home Users
  • Double-click SUPERAntiSpyware.exe and use the default settings for installation.
  • An icon will be created on your desktop. Double-click that icon to launch the program.
  • If asked to update the program definitions, click "Yes". If not, update the definitions before scanning by selecting "Check for Updates". (If you encounter any problems while downloading the updates, manually download and unzip them from here.)
  • Under "Configuration and Preferences", click the Preferences button.
  • Click the Scanning Control tab.
  • Under Scanner Options make sure the following are checked (leave all others unchecked):
    • Close browsers before scanning.
    • Scan for tracking cookies.
    • Terminate memory threats before quarantining.
  • Click the "Close" button to leave the control center screen.
  • Back on the main screen, under "Scan for Harmful Software" click Scan your computer.
  • On the left, make sure you check C:\Fixed Drive.
  • On the right, under "Complete Scan", choose Perform Complete Scan.
  • Click "Next" to start the scan. Please be patient while it scans your computer.
  • After the scan is complete, a Scan Summary box will appear with potentially harmful items that were detected. Click "OK".
  • Make sure everything has a checkmark next to it and click "Next".
  • A notification will appear that "Quarantine and Removal is Complete". Click "OK" and then click the "Finish" button to return to the main menu.
  • If asked if you want to reboot, click "Yes".
  • To retrieve the removal information after reboot, launch SUPERAntispyware again.
    • Click Preferences, then click the Statistics/Logs tab.
    • Under Scanner Logs, double-click SUPERAntiSpyware Scan Log.
    • If there are several logs, click the current dated log and press View log. A text file will open in your default text editor.
    • Please copy and paste the Scan Log results in your next reply.
  • Click Close to exit the program.

====STEP 3====
lets see if we can resolve your virtual memory problem

1. Click [/b]Start[/b], right-click My Computer, and then click Properties.
2. In the System Properties dialog box, click the Advanced tab.
3. In the Performance pane, click Settings.
4. In the Performance Options dialog box, click the Advanced tab.
5. In the Virtual memory pane, click Change.
6. Change the Initial size value and the Maximum size value to a higher value, click Set, and then click OK.
7. Click OK to close the Performance Options dialog box, and then click OK to close the System Properties dialog box.


====STEP 4====
Open HijackThis, click Config, click Misc Tools
Click "Open Uninstall Manager"
Click "Save List" (generates uninstall_list.txt)
Click Save, copy and paste the results in your next post.


====STEP 5====
Download OTScanIt.exe to your Desktop and double-click on it to extract the files. It will create a folder named OTScanIt on your desktop.
  • Close any open browsers.
  • If your Real protection or Antivirus intervenes with OTScanIt, allow it to run.
  • Open the OTScanit folder and double-click on OTScanit.exe to start the program.
  • Now click the Run Scan button on the toolbar.
  • The program will be scanning huge amounts of data so depending on your system it could take a long time to complete. Let it run unhindered until it finishes.
  • When the scan is complete Notepad will open with the report file loaded in it.
  • Save that notepad file
If the log is too large to post, use the Reply button, scroll down to the attachments section and attach the notepad file here.

To attach a file, do the following:
  • Click Add Reply
  • Under the reply panel is the Attachments Panel
  • Browse for the attachment file you want to upload, then click the green Upload button
  • Once it has uploaded, click the Manage Current Attachments drop down box
  • Click on Posted Image to insert the attachment into your post
In your next reply could i see:
1. the SUPERantispyware log
2. the uninstall list
3. the OTScanIT log (attached if it is too big to copy and paste)

The text from these files may exceed the maximum post length for this forum. Hence, you may need to post the information over 2 or more posts.

andrewuk
  • 0

Advertisements


#26
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
Adobe Flash Player ActiveX
Adobe Photoshop Album Starter Edition
Adobe Reader 7.1.0
ArcSoft ShowBiz 2
AVG Free 8.0
Blackhawk Striker from Compaq (remove only)
Blasterball 2 from Compaq (remove only)
Bounce from Compaq (remove only)
BroadJump Client Foundation
Cannonballs from Compaq (remove only)
CncSimulator 4.52f
Compaq Organize
EPSON Printer Software
EPSON Stylus C42 User's Manual
Excavation from Compaq (remove only)
FinePixViewer Ver.4.3
Five Card Frenzy from Compaq (remove only)
FUJIFILM USB Driver
GemMaster 3 from Compaq (remove only)
HighMAT Extension to Microsoft Windows XP CD Writing Wizard
HijackThis 2.0.2
Honeycombs from Compaq (remove only)
Hotfix for Windows Internet Explorer 7 (KB947864)
Hotfix for Windows Media Format 11 SDK (KB929399)
Hotfix for Windows Media Format SDK (KB902344)
Hotfix for Windows Media Player 11 (KB939683)
Hotfix for Windows XP (KB896344)
Hotfix for Windows XP (KB914440)
Hotfix for Windows XP (KB915865)
Hotfix for Windows XP (KB926239)
Hotfix for Windows XP (KB952287)
HP Deskjet Preloaded Printer Drivers
Instant Support
Intel® Extreme Graphics 2 Driver
IntelliMover Data Transfer Demo
InterVideo WinDVD Player
iTunes
J2SE Runtime Environment 5.0 Update 11
J2SE Runtime Environment 5.0 Update 4
J2SE Runtime Environment 5.0 Update 6
J2SE Runtime Environment 5.0 Update 9
Java 2 Runtime Environment, SE v1.4.1_02
Java Web Start
Java™ 6 Update 5
Java™ 6 Update 7
Java™ SE Runtime Environment 6 Update 1
KBD
Logitech Desktop Messenger
Logitech Print Service
Logitech QuickCam Software
Logitech® Camera Driver
Malwarebytes' Anti-Malware
Mars Rover from Compaq (remove only)
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1
Microsoft .NET Framework 1.1 Hotfix (KB928366)
Microsoft .NET Framework 2.0 Service Pack 1
Microsoft .NET Framework 3.0 Service Pack 1
Microsoft Base Smart Card Cryptographic Service Provider Package
Microsoft Compression Client Pack 1.0 for Windows XP
Microsoft Internationalized Domain Names Mitigation APIs
Microsoft Money 2003
Microsoft Money 2003 System Pack
Microsoft National Language Support Downlevel APIs
Microsoft Plus! Digital Media Edition
Microsoft User-Mode Driver Framework Feature Pack 1.0
Microsoft Visual C++ 2005 Redistributable
Microsoft Visual J# .NET Redistributable Package 1.1
Microsoft Works 7.0
MSXML 6.0 Parser (KB933579)
MUSICMATCH® Jukebox
NVIDIA Gart Driver
NVIDIA Windows 2000/XP Display Drivers
OmniPass
OpenOffice.org Installer 1.0
Orbital from Compaq (remove only)
Otto from Compaq (remove only)
PC-Doctor for Windows
Polar Bowler from Compaq (remove only)
PS2
Python 2.2 combined Win32 extensions
Python 2.2.1
QuickTime
RAW FILE CONVERTER LE
RealPlayer
RecordNow!
S3Display
S3Gamma2
S3Info2
S3Overlay
Security Update for CAPICOM (KB931906)
Security Update for CAPICOM (KB931906)
Security Update for Step By Step Interactive Training (KB898458)
Security Update for Step By Step Interactive Training (KB923723)
Security Update for Windows Internet Explorer 7 (KB928090)
Security Update for Windows Internet Explorer 7 (KB929969)
Security Update for Windows Internet Explorer 7 (KB931768)
Security Update for Windows Internet Explorer 7 (KB933566)
Security Update for Windows Internet Explorer 7 (KB937143)
Security Update for Windows Internet Explorer 7 (KB938127)
Security Update for Windows Internet Explorer 7 (KB939653)
Security Update for Windows Internet Explorer 7 (KB942615)
Security Update for Windows Internet Explorer 7 (KB944533)
Security Update for Windows Internet Explorer 7 (KB950759)
Security Update for Windows Internet Explorer 7 (KB953838)
Security Update for Windows Media Player (KB911564)
Security Update for Windows Media Player 10 (KB911565)
Security Update for Windows Media Player 10 (KB917734)
Security Update for Windows Media Player 11 (KB936782)
Security Update for Windows Media Player 6.4 (KB925398)
Security Update for Windows XP (KB883939)
Security Update for Windows XP (KB890046)
Security Update for Windows XP (KB893066)
Security Update for Windows XP (KB893756)
Security Update for Windows XP (KB896358)
Security Update for Windows XP (KB896422)
Security Update for Windows XP (KB896423)
Security Update for Windows XP (KB896424)
Security Update for Windows XP (KB896428)
Security Update for Windows XP (KB896688)
Security Update for Windows XP (KB899587)
Security Update for Windows XP (KB899588)
Security Update for Windows XP (KB899591)
Security Update for Windows XP (KB900725)
Security Update for Windows XP (KB901017)
Security Update for Windows XP (KB901190)
Security Update for Windows XP (KB901214)
Security Update for Windows XP (KB902400)
Security Update for Windows XP (KB903235)
Security Update for Windows XP (KB904706)
Security Update for Windows XP (KB905414)
Security Update for Windows XP (KB905749)
Security Update for Windows XP (KB905915)
Security Update for Windows XP (KB908519)
Security Update for Windows XP (KB908531)
Security Update for Windows XP (KB911280)
Security Update for Windows XP (KB911562)
Security Update for Windows XP (KB911567)
Security Update for Windows XP (KB911927)
Security Update for Windows XP (KB912812)
Security Update for Windows XP (KB912919)
Security Update for Windows XP (KB913446)
Security Update for Windows XP (KB913580)
Security Update for Windows XP (KB914388)
Security Update for Windows XP (KB914389)
Security Update for Windows XP (KB916281)
Security Update for Windows XP (KB917159)
Security Update for Windows XP (KB917344)
Security Update for Windows XP (KB917422)
Security Update for Windows XP (KB917953)
Security Update for Windows XP (KB918118)
Security Update for Windows XP (KB918439)
Security Update for Windows XP (KB918899)
Security Update for Windows XP (KB919007)
Security Update for Windows XP (KB920213)
Security Update for Windows XP (KB920214)
Security Update for Windows XP (KB920670)
Security Update for Windows XP (KB920683)
Security Update for Windows XP (KB920685)
Security Update for Windows XP (KB921398)
Security Update for Windows XP (KB921503)
Security Update for Windows XP (KB921883)
Security Update for Windows XP (KB922616)
Security Update for Windows XP (KB922760)
Security Update for Windows XP (KB922819)
Security Update for Windows XP (KB923191)
Security Update for Windows XP (KB923414)
Security Update for Windows XP (KB923689)
Security Update for Windows XP (KB923694)
Security Update for Windows XP (KB923980)
Security Update for Windows XP (KB924191)
Security Update for Windows XP (KB924270)
Security Update for Windows XP (KB924496)
Security Update for Windows XP (KB924667)
Security Update for Windows XP (KB925486)
Security Update for Windows XP (KB925902)
Security Update for Windows XP (KB926255)
Security Update for Windows XP (KB926436)
Security Update for Windows XP (KB927779)
Security Update for Windows XP (KB927802)
Security Update for Windows XP (KB928255)
Security Update for Windows XP (KB928843)
Security Update for Windows XP (KB929123)
Security Update for Windows XP (KB930178)
Security Update for Windows XP (KB931261)
Security Update for Windows XP (KB931784)
Security Update for Windows XP (KB932168)
Security Update for Windows XP (KB933729)
Security Update for Windows XP (KB935839)
Security Update for Windows XP (KB935840)
Security Update for Windows XP (KB936021)
Security Update for Windows XP (KB938829)
Security Update for Windows XP (KB941202)
Security Update for Windows XP (KB941568)
Security Update for Windows XP (KB941569)
Security Update for Windows XP (KB941644)
Security Update for Windows XP (KB941693)
Security Update for Windows XP (KB943055)
Security Update for Windows XP (KB943460)
Security Update for Windows XP (KB943485)
Security Update for Windows XP (KB944653)
Security Update for Windows XP (KB945553)
Security Update for Windows XP (KB946026)
Security Update for Windows XP (KB946648)
Security Update for Windows XP (KB948590)
Security Update for Windows XP (KB948881)
Security Update for Windows XP (KB950749)
Security Update for Windows XP (KB950760)
Security Update for Windows XP (KB950762)
Security Update for Windows XP (KB950974)
Security Update for Windows XP (KB951066)
Security Update for Windows XP (KB951376)
Security Update for Windows XP (KB951376-v2)
Security Update for Windows XP (KB951698)
Security Update for Windows XP (KB951748)
Security Update for Windows XP (KB952954)
Security Update for Windows XP (KB953839)
Slyder from Compaq (remove only)
Sonic Update Manager
Spell Checker For OE 2.1
STX from Compaq (remove only)
SUPERAntiSpyware Free Edition
Update for Windows XP (KB894391)
Update for Windows XP (KB896727)
Update for Windows XP (KB898461)
Update for Windows XP (KB900485)
Update for Windows XP (KB900930)
Update for Windows XP (KB904942)
Update for Windows XP (KB910437)
Update for Windows XP (KB912945)
Update for Windows XP (KB916595)
Update for Windows XP (KB920342)
Update for Windows XP (KB920872)
Update for Windows XP (KB922582)
Update for Windows XP (KB925720)
Update for Windows XP (KB925876)
Update for Windows XP (KB927891)
Update for Windows XP (KB929338)
Update for Windows XP (KB930916)
Update for Windows XP (KB931836)
Update for Windows XP (KB932823-v3)
Update for Windows XP (KB933360)
Update for Windows XP (KB936357)
Update for Windows XP (KB938828)
Update for Windows XP (KB942763)
Update for Windows XP (KB951072-v2)
Viewpoint Media Player (Remove Only)
Virtual Warfare from Compaq (remove only)
Weblink
Windows Defender
Windows Defender Signatures
Windows Genuine Advantage v1.3.0254.0
Windows Imaging Component
Windows Installer 3.1 (KB893803)
Windows Internet Explorer 7
Windows Live Messenger
Windows Media Connect
Windows Media Format 11 runtime
Windows Media Format 11 runtime
Windows Media Format SDK Hotfix - KB891122
Windows Media Player 11
Windows Media Player 11
Windows Presentation Foundation
Windows XP Hotfix - KB873333
Windows XP Hotfix - KB873339
Windows XP Hotfix - KB885250
Windows XP Hotfix - KB885835
Windows XP Hotfix - KB885836
Windows XP Hotfix - KB886185
Windows XP Hotfix - KB887472
Windows XP Hotfix - KB887742
Windows XP Hotfix - KB887797
Windows XP Hotfix - KB888113
Windows XP Hotfix - KB888302
Windows XP Hotfix - KB890175
Windows XP Hotfix - KB890859
Windows XP Hotfix - KB891781
Windows XP Hotfix - KB893086
Windows XP Service Pack 2
WordPerfect Office 12

Here is the uninstallSUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2008 at 10:27 AM

Application Version : 4.15.1000

Core Rules Database Version : 3538
Trace Rules Database Version: 1527

Scan type : Complete Scan
Total Scan Time : 01:29:21

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 5437
Registry threats detected : 0
File items scanned : 71503
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected]usion[2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Cookies\[email protected][1].txt.vir
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Cookies\[email protected][2].txt.vir

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BLPHC5LNJ0EAAT.SCR.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1026\A0055456.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1027\A0055508.SCR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PHC5LNJ0EAAT.BMP.VIR

Rogue.MalwareProtector/Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PPHC5LNJ0EAAT.EXE.VIR

Rogue.AntiVirus XP 2008
C:\SYSTEM VOLUME INFORMATION\_RESTORE{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1027\A0055557.EXE
The OTScanIT to follow
  • 0

#27
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
AVG finds (Trojan horse generic 11.ow ) just before downloading OTScanIt can finish. Do I have to change something. Sorry for the delay I had to catch a few fish before the hurricane arrived and cut my power.
  • 0

#28
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
I mean arrives and cuts my power
  • 0

#29
andrewuk

andrewuk

    Trusted Helper

  • Malware Removal
  • 5,297 posts
seems the fixtool is being caught by your antivirus program. for the duration of downloading and running it, disable AVG.

once the run is complete, then re-enable AVG.
  • 0

#30
kenny34983

kenny34983

    Member

  • Topic Starter
  • Member
  • PipPip
  • 49 posts
SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 08/17/2008 at 10:27 AM

Application Version : 4.15.1000

Core Rules Database Version : 3538
Trace Rules Database Version: 1527

Scan type : Complete Scan
Total Scan Time : 01:29:21

Memory items scanned : 354
Memory threats detected : 0
Registry items scanned : 5437
Registry threats detected : 0
File items scanned : 71503
File threats detected : 31

Adware.Tracking Cookie
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\owne[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][1].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\Documents and Settings\Owner\cookies\[email protected][2].txt
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Cookies\[email protected][1].txt.vir
C:\QooBox\Quarantine\C\Documents and Settings\Owner\Cookies\[email protected][2].txt.vir

NotHarmful.Sysinternals Bluescreen Screen Saver
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\BLPHC5LNJ0EAAT.SCR.VIR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1026\A0055456.SCR
C:\SYSTEM VOLUME INFORMATION\_RESTORE{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1027\A0055508.SCR

Trojan.Unknown Origin
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PHC5LNJ0EAAT.BMP.VIR

Rogue.MalwareProtector/Variant
C:\QOOBOX\QUARANTINE\C\WINDOWS\SYSTEM32\PPHC5LNJ0EAAT.EXE.VIR

Rogue.AntiVirus XP 2008
C:\SYSTEM VOLUME INFORMATION\_RESTORE{10D4B4EE-7C0B-4339-9C74-3091462FA969}\RP1027\A0055557.EXE
This all the requested logs etc.
  • 0






Similar Topics

0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users

As Featured On:

Microsoft Yahoo BBC MSN PC Magazine Washington Post HP