Malicious Page Redirects from Google searches [Solved]
Started by Wasuremono, May 04 2009 01:13 PM
#31
Posted 10 May 2009 - 03:27 PM
Do that and run ComboFix again
#32
Posted 10 May 2009 - 04:10 PM
Here is my log again. I disabled Comodo for sure in the system tray, and the process ended too. I'm not really sure why the ComboFix log says "enabled". I'm pretty sure it is not running though.
ComboFix 09-05-09.05 - Hans 05/10/2009 17:40.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.3071.2530 [GMT -4:00]
Running from: c:\documents and settings\Hans\Desktop\ComboFix.exe
AV: avast! antivirus 4.8.1335 [VPS 090509-0] *On-access scanning disabled* (Updated)
FW: COMODO Firewall *enabled*
.
((((((((((((((((((((((((( Files Created from 2009-04-10 to 2009-05-10 )))))))))))))))))))))))))))))))
.
2009-05-10 19:28 . 2009-05-10 20:56 -------- d-----w c:\documents and settings\Hans\Local Settings\Application Data\FullTiltPoker
2009-05-06 21:21 . 2009-05-06 21:21 -------- d-----w C:\_OTListIt
2009-05-05 22:04 . 2009-05-09 21:29 -------- d-----w C:\Lop SD
2009-05-05 21:46 . 2009-05-05 21:46 -------- d--h--w c:\windows\PIF
2009-05-04 20:56 . 2008-06-19 20:24 28544 ----a-w c:\windows\system32\drivers\pavboot.sys
2009-05-04 20:55 . 2009-05-04 20:55 -------- d-----w c:\program files\Panda Security
2009-05-04 17:07 . 2009-05-04 17:07 -------- d-----w C:\Rooter$
2009-05-04 16:59 . 2009-05-04 17:00 -------- d-----w c:\program files\ERUNT
2009-05-04 07:53 . 2009-05-04 07:53 -------- d-----w c:\program files\Alwil Software
2009-05-04 07:07 . 2009-05-04 13:45 -------- d-----w c:\documents and settings\All Users\Application Data\Comodo
2009-05-04 07:07 . 2009-05-04 07:07 155384 ----a-w c:\windows\system32\guard32.dll
2009-05-04 07:07 . 2009-05-04 07:07 110992 ----a-w c:\windows\system32\drivers\cmdguard.sys
2009-05-04 07:07 . 2009-05-04 07:07 24336 ----a-w c:\windows\system32\drivers\cmdhlp.sys
2009-05-04 07:07 . 2009-05-04 07:07 -------- d-----w c:\program files\COMODO
2009-05-04 06:58 . 2009-05-06 01:29 -------- d---a-w c:\documents and settings\All Users\Application Data\TEMP
2009-05-04 06:58 . 2009-05-04 07:01 -------- d-----w c:\program files\SpywareBlaster
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\system32\scripting
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\l2schemas
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\system32\en
2009-05-04 06:28 . 2009-05-04 06:28 -------- d-----w c:\windows\system32\bits
2009-05-04 06:27 . 2009-05-04 06:28 -------- d-----w c:\windows\ServicePackFiles
2009-05-04 04:31 . 2009-05-04 04:31 -------- d-----w c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com
2009-05-04 04:19 . 2009-05-04 04:19 -------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-05-04 04:19 . 2009-05-04 04:19 -------- d-----w c:\program files\SUPERAntiSpyware
2009-05-04 04:19 . 2009-05-04 04:19 -------- d-----w c:\documents and settings\Hans\Application Data\SUPERAntiSpyware.com
2009-05-04 04:03 . 2009-05-04 04:02 410984 ----a-w c:\windows\system32\deploytk.dll
2009-05-03 18:49 . 2009-05-04 06:04 664 ----a-w c:\windows\system32\d3d9caps.dat
2009-05-03 18:43 . 2009-05-03 18:43 -------- d-----w c:\documents and settings\Administrator\Application Data\Media Player Classic
2009-05-03 18:25 . 2009-05-03 18:25 -------- d-----w c:\documents and settings\Administrator\Application Data\Malwarebytes
2009-05-01 21:38 . 2009-05-01 21:38 -------- d-----w c:\windows\system32\NtmsData
2009-05-01 21:12 . 2009-05-01 21:12 -------- d-----w c:\documents and settings\Hans\Application Data\Malwarebytes
2009-05-01 21:12 . 2009-04-06 19:32 15504 ----a-w c:\windows\system32\drivers\mbam.sys
2009-05-01 21:12 . 2009-04-06 19:32 38496 ----a-w c:\windows\system32\drivers\mbamswissarmy.sys
2009-05-01 21:12 . 2009-05-01 21:12 -------- d-----w c:\documents and settings\All Users\Application Data\Malwarebytes
2009-05-01 21:12 . 2009-05-01 21:12 -------- d-----w c:\program files\Malwarebytes' Anti-Malware
2009-05-01 21:00 . 2009-05-01 21:00 -------- d-----w C:\VundoFix Backups
2009-05-01 21:00 . 2009-05-01 21:00 -------- d-----w c:\program files\Storm
2009-05-01 20:59 . 2009-05-01 20:59 -------- d-----w c:\program files\Microsoft XNA
2009-05-01 06:24 . 2009-05-03 19:01 -------- dc-h--w c:\documents and settings\All Users\Application Data\{7972B2E5-3E09-4E5E-81B7-FE5819D6772F}
2009-04-14 08:18 . 2009-04-14 08:18 25992 ----a-w c:\windows\system32\pgdfgsvc.exe
2009-04-14 02:50 . 2009-04-16 16:00 -------- d-----w c:\program files\Prevx
2009-04-14 02:24 . 2009-04-14 02:24 -------- d-----w c:\program files\Trend Micro
2009-04-14 01:58 . 2009-04-14 01:58 -------- d-----w c:\documents and settings\All Users\Application Data\Uniblue
2009-04-14 00:25 . 2009-04-14 04:53 0 ----a-w c:\windows\Isarafawinaqafo.bin
2009-04-14 00:25 . 2009-04-14 04:57 -------- d-----w c:\documents and settings\Hans\Local Settings\Application Data\{34DD23EC-0F88-40BD-B641-9B944710EB34}(2)
2009-04-14 00:25 . 2009-04-14 02:58 408 ----a-w c:\windows\Kkozu.dat
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-05-10 20:56 . 2007-10-26 22:47 -------- d-----w c:\program files\Full Tilt Poker
2009-05-06 22:06 . 2007-06-08 17:32 -------- d-----w c:\program files\uTorrent
2009-05-06 21:07 . 2007-06-19 16:47 -------- d-----w c:\program files\Java
2009-05-04 07:21 . 2007-02-10 20:24 115600 ----a-w c:\documents and settings\Hans\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-05-04 06:29 . 2007-02-01 03:10 86327 ----a-w c:\windows\pchealth\helpctr\OfflineCache\index.dat
2009-05-04 06:09 . 2008-12-24 03:20 -------- d-----w c:\program files\Spybot - Search & Destroy
2009-05-04 04:17 . 2007-05-26 03:09 -------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-05-03 19:01 . 2007-09-12 13:37 -------- d-----w c:\program files\Lavasoft
2009-04-16 16:00 . 2007-08-24 19:13 -------- d-----w c:\program files\IrfanView
2009-04-14 01:52 . 2008-10-07 04:28 -------- d-----w c:\program files\Uniblue
2009-03-30 05:30 . 2008-08-24 12:00 -------- d-----w c:\program files\Microsoft Silverlight
2009-03-08 09:24 . 2008-10-26 09:16 413696 ----a-w c:\windows\system32\wrap_oal.dll
2009-03-08 09:24 . 2008-10-26 09:16 110592 ----a-w c:\windows\system32\OpenAL32.dll
2009-03-06 14:22 . 2006-02-28 12:00 284160 ----a-w c:\windows\system32\pdh.dll
2009-02-20 08:10 . 2006-02-28 12:00 666112 ----a-w c:\windows\system32\wininet.dll
2009-02-20 08:10 . 2006-02-28 12:00 81920 ----a-w c:\windows\system32\ieencode.dll
2009-02-18 07:10 . 2009-02-18 07:10 25280 ----a-w c:\windows\system32\drivers\hamachi.sys
.
((((((((((((((((((((((((((((( SnapShot@2009-05-05_21.56.02 )))))))))))))))))))))))))))))))))))))))))
.
+ 2009-05-10 18:16 . 2009-05-10 18:16 16384 c:\windows\Temp\Perflib_Perfdata_54c.dat
+ 2009-05-10 18:15 . 2009-05-10 18:15 16384 c:\windows\Temp\Perflib_Perfdata_288.dat
+ 2009-05-09 18:36 . 2009-05-09 18:36 204800 c:\windows\ERDNT\AutoBackup\5-9-2009\Users\00000002\UsrClass.dat
+ 2009-05-09 18:36 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-9-2009\ERDNT.EXE
+ 2009-05-07 06:04 . 2009-05-07 06:04 204800 c:\windows\ERDNT\AutoBackup\5-7-2009\Users\00000002\UsrClass.dat
+ 2009-05-07 06:04 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-7-2009\ERDNT.EXE
+ 2009-05-06 21:34 . 2009-05-06 21:34 204800 c:\windows\ERDNT\AutoBackup\5-6-2009\Users\00000002\UsrClass.dat
+ 2009-05-06 21:34 . 2005-10-20 16:02 163328 c:\windows\ERDNT\AutoBackup\5-6-2009\ERDNT.EXE
+ 2009-05-09 18:36 . 2009-05-09 18:36 9076736 c:\windows\ERDNT\AutoBackup\5-9-2009\Users\00000001\ntuser.dat
+ 2009-05-07 06:04 . 2009-05-07 06:04 9039872 c:\windows\ERDNT\AutoBackup\5-7-2009\Users\00000001\ntuser.dat
+ 2009-05-06 21:34 . 2009-05-06 21:34 9039872 c:\windows\ERDNT\AutoBackup\5-6-2009\Users\00000001\ntuser.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-14 15360]
"LDM"="c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe" [2008-12-31 67128]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-04-28 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"NVRaidService"="c:\windows\system32\nvraidservice.exe" [2006-04-07 135168]
"EasyTuneV"="c:\program files\Gigabyte\ET5\GUI.exe" [2004-06-15 200704]
"IMJPMIG8.1"="c:\windows\IME\imjp8_1\IMJPMIG.EXE" [2006-02-28 208952]
"MSPY2002"="c:\windows\system32\IME\PINTLGNT\ImScInst.exe" [2006-02-28 59392]
"PHIME2002ASync"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"PHIME2002A"="c:\windows\system32\IME\TINTLGNT\TINTSETP.EXE" [2006-02-28 455168]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2007-06-29 286720]
"UVS11 Preload"="c:\program files\Ulead Systems\Ulead VideoStudio 11\uvPL.exe" [2007-03-03 341488]
"sealmon"="c:\program files\SealedMedia\sealmon.exe" [2007-06-04 296080]
"PWRISOVM.EXE"="c:\program files\PowerISO\PWRISOVM.EXE" [2008-03-14 233472]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2009-01-15 13680640]
"NvMediaCenter"="c:\windows\system32\NvMcTray.dll" [2009-01-15 86016]
"COMODO Internet Security"="c:\program files\COMODO\COMODO Internet Security\cfp.exe" [2009-05-04 1851128]
"avast!"="c:\program files\Alwil Software\Avast4\ashDisp.exe" [2009-02-05 81000]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-05-04 148888]
"RTHDCPL"="RTHDCPL.EXE" - c:\windows\RTHDCPL.exe [2006-05-27 16208384]
"SkyTel"="SkyTel.EXE" - c:\windows\SkyTel.exe [2006-05-16 2879488]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" - c:\windows\KHALMNPR.Exe [2008-02-29 76304]
"nwiz"="nwiz.exe" - c:\windows\system32\nwiz.exe [2009-01-15 1657376]
c:\documents and settings\Hans\Start Menu\Programs\Startup\
ERUNT AutoBackup.lnk - c:\program files\ERUNT\AUTOBACK.EXE [2005-10-20 38912]
c:\documents and settings\All Users\Start Menu\Programs\Startup\
GN-WP01GS Utility.lnk - c:\program files\Gigabyte\Gigabyte WP01GS Wireless PCI Adapter SoftAP\Installer\WINXP\RaUI.exe [2007-1-31 720896]
Logitech Desktop Messenger.lnk - c:\program files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe [2008-12-31 67128]
Logitech SetPoint.lnk - c:\program files\Logitech\SetPoint\SetPoint.exe [2008-12-31 805392]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 07:42 72208 ----a-w c:\program files\Common Files\Logitech\Bluetooth\LBTWLgn.dll
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@=""
[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\SightSpeed\\SightSpeed.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=
"c:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\left 4 dead demo\\left4dead.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\unreal tournament 3\\Binaries\\UT3.exe"=
"c:\\Program Files\\Valve\\Steam\\Steam.exe"=
"c:\\Program Files\\Common Files\\InterVideo\\DeviceService\\DevSvc.exe"=
"c:\\Program Files\\Valve\\Steam\\steamapps\\common\\left 4 dead\\left4dead.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
R0 pavboot;pavboot;c:\windows\system32\drivers\pavboot.sys [5/4/2009 4:56 PM 28544]
R1 aswSP;avast! Self Protection;c:\windows\system32\drivers\aswSP.sys [5/4/2009 3:53 AM 114768]
R1 cmdGuard;COMODO Internet Security Sandbox Driver;c:\windows\system32\drivers\cmdguard.sys [5/4/2009 3:07 AM 110992]
R1 cmdHlp;COMODO Internet Security Helper Driver;c:\windows\system32\drivers\cmdhlp.sys [5/4/2009 3:07 AM 24336]
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [4/28/2009 11:33 AM 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [4/28/2009 11:33 AM 72944]
R2 aswFsBlk;aswFsBlk;c:\windows\system32\drivers\aswFsBlk.sys [5/4/2009 3:53 AM 20560]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [4/28/2009 11:33 AM 7408]
S3 LCcfltr;Logitech USB Filter Driver;c:\windows\system32\drivers\LCCFLTR.SYS [2/1/2007 10:21 PM 14095]
S3 PciCon;PciCon;\??\d:\pcicon.sys --> d:\PciCon.sys [?]
S3 V0250Dev;Live! Cam Notebook Pro;c:\windows\system32\drivers\V0250Dev.sys [8/26/2008 6:44 PM 163840]
S3 wind502u;Motorola Wireless USB Adapter WU830G Windows Driver;c:\windows\system32\drivers\wind502u.sys [9/12/2007 8:55 AM 336256]
--- Other Services/Drivers In Memory ---
*Deregistered* - MarkFun_NT
.
Contents of the 'Scheduled Tasks' folder
2009-05-07 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]
2009-04-14 c:\windows\Tasks\Uniblue SpyEraser.job
- c:\program files\Uniblue\SpyEraser\SpyEraser.exe [2008-10-07 13:03]
2009-05-10 c:\windows\Tasks\WGASetup.job
- c:\windows\system32\KB905474\wgasetup.exe [2009-04-01 02:18]
.
.
------- Supplementary Scan -------
.
uStart Page =
mStart Page = hxxp://www.yahoo.com
uSearchURL,(Default) = hxxp://red.clientapps.yahoo.com/customize/ptec/defaults/su/*http://www.yahoo.com
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
Handler: bwfile-8876480 - {9462A756-7B47-47BC-8C80-C34B9B80B32B} - c:\program files\Logitech\Desktop Messenger\8876480\Program\GAPlugProtocol-8876480.dll
FF - ProfilePath - c:\documents and settings\Hans\Application Data\Mozilla\Firefox\Profiles\ymj6zi6x.default\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-05-10 17:42
Windows 5.1.2600 Service Pack 3 NTFS
detected NTDLL code modification:
ZwClose, ZwOpenFile
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1104)
c:\windows\system32\guard32.dll
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\program files\common files\logitech\bluetooth\LBTWlgn.dll
c:\program files\common files\logitech\bluetooth\LBTServ.dll
c:\program files\Funk Software\Odyssey Client\odLogin.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
- - - - - - - > 'lsass.exe'(1164)
c:\windows\system32\guard32.dll
- - - - - - - > 'explorer.exe'(396)
c:\windows\system32\guard32.dll
c:\program files\RocketDock\RocketDock.dll
c:\windows\IME\IMJP8_1\Dicts\IMJPCD.DIC
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-05-10 17:43
ComboFix-quarantined-files.txt 2009-05-10 21:43
ComboFix2.txt 2009-05-10 20:58
ComboFix3.txt 2009-05-05 22:00
Pre-Run: 218,070,388,736 bytes free
Post-Run: 218,052,005,888 bytes free
232 --- E O F --- 2009-05-05 07:00
#33
Posted 11 May 2009 - 12:35 AM
Hm.. this is strange!
There is another possibility.
Try this then.
AVAST
Right-click on the avast! icon in the system tray and choose (Stop On-Access Protection)
COMODO BO CLEAN
- Right-click the system tray icon.
- Select Shut down BO Clean button.
- Will restart on reboot or open from Program Menu.
Comodo Firewall Pro (free Personal)
- Right-click the system tray icon.
- Select Exit.
- On the Pop up window, Click the Yes button.
Then run ComboFix and post the log
#34
Posted 11 May 2009 - 12:48 AM
I had done all of those things before, except for the COMODO BO Clean. I'm not sure what that is. Avast has On-Access protection disabled and Comodo isn't even running...
#35
Posted 11 May 2009 - 01:16 AM
Yep, and that was what's different.
I had done all of those things before, except for the COMODO BO Clean. I'm not sure what that is. Avast has On-Access protection disabled and Comodo isn't even running...
BO Clean is an anti-malware scanner function in COMODO.
If needed, first enable COMODO Firewall, then disable COMODO BO Clean.
Then disable COMODO Firewall and avast.
And run ComboFix again.
#36
Posted 11 May 2009 - 01:34 AM
I'm having trouble locating this BO Clean thing. I'm not sure if my version of comodo has this...
#37
Posted 11 May 2009 - 02:24 AM
Just found out that those entries are caused by COMODO.
Hey there, Wasuremono!
OK! Well done, your log is clean again!
Time for some housekeeping.
Step 1.
Clean up:
What we need to do is remove all the tools that you have used. This is so that, should you ever be re-infected, you will download updated versions. It will also remove the quarantined malware from your computer.
First:
- Click START then RUN
- Now type Combofix /u in the run box and click OK. Note the space between the X and the /u; it needs to be there.
Second:
Double-click OTListIt2.exe to start it.
Click the Clean up button
Click Yes to the reboot.
Now delete any tools/logs that are left over after you ran OTListIt2 CleanUp.
Step 2.
Prevention:
OK, let's carry out a few preventative steps to make sure you reduce the risk of further infections.
First:
Your Adobe Acrobat Reader is out of date. Older versions are vulnerable to attack.
Please go to the link below to download an update.
http://www.adobe.com.../readstep2.html
Remove the older versions and install the latest.
Second:
One of the essentials is to keep your computer updated with the latest operating system patches and security fixes. Windows Updates are constantly being revised to combat the newest hacks and threats; Microsoft releases security updates that help keep your computer from becoming vulnerable. It is best if you have these set to download automatically.
Automatic Updates for Windows
- Click Start.
- Select Settings and then Control Panel.
- Select Automatic Updates.
- Click Automatic (recommended)
- Choose a day and a time when you know the computer will be on and connected to the internet.
- Click Apply then OK.
Third:
Now let's download some preventative programs that will help to keep the nasties away! We will start with anti-spyware programs. I would advise getting a couple of them at least, and running each at least once a month.
Anti Spyware
- SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.
Fourth:
Nearly done! If you like to use chat, MSN and Yahoo have vulnerabilities that can leave you open to infections. There are, however, a couple of very good, malware-free instant messenger programs which allow you to connect to multiple IM services in one program (AOL, Yahoo, ICQ, IRC, MSN):
Instant Messengers
Lastly:
It is a good idea to clear out all your temp files every now and again with ATF Cleaner. This will help keep your computer from bogging down and slowing. It can also assist in getting rid of files that may contain malicious code that could re-infect your computer.
To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein.
I will keep this log open for the next couple of days, so if you have any further problems post another reply here.
OK, all the best, and stay safe!
Edited by heir, 11 May 2009 - 05:05 AM.
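The two log sections that mattered in this thread are the Firefox prefs.js lines (the search-redirect symptom the topic was opened for) and the catchme NTDLL hooks, which the helper traced to COMODO. The script below is an added triage example, not part of the original thread and not a ComboFix feature: it parses a constructed excerpt of the log posted above and applies both checks. It flags search and start-page prefs whose host is not the selected engine's domain (the AOL toolbar redirect entries get listed for review; the script makes no malware verdict), and it lists every DLL loaded into winlogon.exe and lsass.exe, tagging guard32.dll as COMODO's user-mode module. ENGINE_DOMAINS, KNOWN_SECURITY_DLLS and the excerpt itself are assumptions made for the example.

```python
"""Triage helper for the ComboFix log excerpt above (added example)."""
import re
from urllib.parse import urlparse

# Constructed excerpt of the posted log: only the lines the checks below use.
LOG_EXCERPT = """\
FF - prefs.js: browser.search.defaulturl - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrie7&query=
FF - prefs.js: browser.search.selectedEngine - Google
FF - prefs.js: browser.startup.homepage - hxxp://www.google.com/ig
FF - prefs.js: keyword.URL - hxxp://slirsredirect.search.aol.com/slirs_http/sredir?sredir=2706&invocationType=tb50fftrab&query=
.
detected NTDLL code modification:
ZwClose, ZwOpenFile
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(1104)
c:\\windows\\system32\\guard32.dll
c:\\program files\\SUPERAntiSpyware\\SASWINLO.dll
- - - - - - - > 'lsass.exe'(1164)
c:\\windows\\system32\\guard32.dll
- - - - - - - > 'explorer.exe'(396)
c:\\windows\\system32\\guard32.dll
c:\\program files\\RocketDock\\RocketDock.dll
.
Completion time: 2009-05-10 17:43
"""

PREF_RE = re.compile(r"^FF - prefs\.js: (\S+) - (.*)$")
PROC_RE = re.compile(r"^- - - - - - - > '([^']+)'\((\d+)\)$")

# Prefs that decide where a typed search or the start page is sent.
SEARCH_URL_PREFS = ("browser.search.defaulturl", "keyword.URL", "browser.startup.homepage")
# Engine name -> domain it is expected to resolve to (assumption for the example).
ENGINE_DOMAINS = {"google": "google.com"}
# Processes where an injected DLL deserves a second look.
SENSITIVE_PROCESSES = {"winlogon.exe", "lsass.exe"}
# Security-product modules that hook NTDLL in every process (assumption; guard32.dll
# is COMODO's user-mode component, which the helper in this thread identified as the
# source of the catchme 'NTDLL code modification' entries).
KNOWN_SECURITY_DLLS = {"guard32.dll": "COMODO Firewall"}


def parse_prefs(log):
    """Return {pref name: value} for every 'FF - prefs.js:' line."""
    prefs = {}
    for line in log.splitlines():
        m = PREF_RE.match(line.strip())
        if m:
            prefs[m.group(1)] = m.group(2).strip()
    return prefs


def parse_process_dlls(log):
    """Map each process under 'DLLs Loaded Under Running Processes' to its DLL paths."""
    procs, current, in_section = {}, None, False
    for line in log.splitlines():
        line = line.strip()
        if line.startswith("--------------------- DLLs Loaded"):
            in_section = True
            continue
        if not in_section:
            continue
        if line.startswith("Completion time"):
            break
        m = PROC_RE.match(line)
        if m:
            current = m.group(1).lower()
            procs[current] = []
        elif current and line and line != ".":
            procs[current].append(line)
    return procs


def host_of(value):
    """Hostname of a pref URL; ComboFix defangs URLs as hxxp, so undo that first."""
    return (urlparse(value.replace("hxxp", "http", 1)).hostname or "").lower()


def suspicious_search_prefs(prefs):
    """(pref, host) for URL prefs not on the selected engine's domain."""
    engine = prefs.get("browser.search.selectedEngine", "").lower()
    expected = ENGINE_DOMAINS.get(engine)
    findings = []
    for name in SEARCH_URL_PREFS:
        value = prefs.get(name)
        if not value:
            continue
        host = host_of(value)
        on_engine = expected and (host == expected or host.endswith("." + expected))
        if not on_engine:  # unknown engine: everything is listed for review
            findings.append((name, host))
    return findings


def ntdll_hooks(log):
    """Function names catchme reported as modified in NTDLL, if any."""
    lines = [l.strip() for l in log.splitlines()]
    for i, line in enumerate(lines):
        if line == "detected NTDLL code modification:" and i + 1 < len(lines):
            return [f.strip() for f in lines[i + 1].split(",")]
    return []


def sensitive_process_dlls(procs):
    """(process, dll, attribution) for DLLs loaded into winlogon/lsass."""
    rows = []
    for proc, paths in procs.items():
        if proc not in SENSITIVE_PROCESSES:
            continue
        for path in paths:
            name = path.rsplit("\\", 1)[-1].lower()
            rows.append((proc, name, KNOWN_SECURITY_DLLS.get(name, "unknown - review")))
    return rows


def triage(log):
    """Run both checks over one log and return them as a report dict."""
    prefs = parse_prefs(log)
    return {
        "ntdll_hooks": ntdll_hooks(log),
        "search_prefs_off_engine": suspicious_search_prefs(prefs),
        "sensitive_process_dlls": sensitive_process_dlls(parse_process_dlls(log)),
    }


if __name__ == "__main__":
    for key, rows in triage(LOG_EXCERPT).items():
        print(key)
        for row in rows:
            print("   ", row)
```

Running it against the excerpt lists both AOL search-redirect prefs for review, the two hooked NTDLL exports, and guard32.dll in winlogon.exe and lsass.exe attributed to COMODO, with SASWINLO.dll left as unknown so the responder decides; that is the same conclusion the helper reached by hand, and the allow-list is where a real deployment would grow.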
#38
Posted 13 May 2009 - 01:33 AM
Thank you so much for all of your help!
I just got around to doing all of these last things here. I already have Spyware Blaster, so will I need Spyware Guard? I'm not sure how similar these two are.
#39
Posted 13 May 2009 - 09:27 AM
Check the tutorials
Anti Spyware
- SpywareBlaster to help prevent spyware from installing in the first place. A tutorial can be found here.
- SpywareGuard to catch and block spyware before it can execute. A tutorial can be found here.
- IESpy-Ad to block access to malicious websites so you cannot be redirected to them from an infected site or email. A tutorial can be found here
Note: If you find your system slows down after installing any of these, just uninstall it, or disable it from running at startup.
#40
Posted 17 May 2009 - 02:56 AM
Since this issue appears to be resolved ... this Topic has been closed. Glad we could help.
If you're the topic starter, and need this topic reopened, please contact a staff member with the address of the thread.
Everyone else please begin a New Topic.