Step-Daughter's Computer Viruses and Malware

jholland1964 (Moderator), #11, Sep 14th, 2008
You DID totally uninstall Symantec, I hope?
"OK I downloaded and installed spyblaster"
I hope you mean SpywareBlaster. Spyblaster is a totally different program and definitely NOT the one I spoke about. SpywareBlaster is FREE; Spyblaster eventually is NOT. I believe after the free trial it costs around $30 and isn't worth it.

Run a new HJT scan just to be certain there are not remnants sitting there, OK? Post back with that log.
Judy
Last edited by jholland1964; Sep 14th, 2008 at 2:48 pm.

chess77, #12, Sep 15th, 2008
Yes, you're right again, spywareclaster, and I paid for autoupdate because when I give this computer back I don't want to keep doing this. I reran, and also ComboFix cleaned out
"- - - - ORPHANS REMOVED - - - -

HKLM-Run-MsgCenterExe - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Notify-NavLogon - (no file)"



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 21:33, on 2008-09-14
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Verizon\VSP\VerizonServicepoint.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\Program Files\SpywareBlaster\sbautoupdate.exe
C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Verizon\VSP\VerizonServicepointComHandler.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Documents and Settings\Lisa Drogon\Desktop\spywaretools\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://mail.metroymcas.org/Login.aspx
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: Pop-Up Blocker BHO - {3C060EA2-E6A9-4E49-A530-D4657B8C449A} - C:\Program Files\Verizon\Verizon Internet Security Suite\pkR.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - (no file)
O4 - HKLM\..\Run: [VerizonServicepoint.exe] "C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" /AUTORUN
O4 - HKLM\..\Run: [Verizon Internet Security Suite] "C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe"
O4 - HKLM\..\Run: [-FreedomNeedsReboot] "C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe"
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MsgCenterExe] "C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe" -osboot
O4 - HKLM\..\Run: [SBAutoUpdate] "C:\Program Files\SpywareBlaster\sbautoupdate.exe"
O4 - HKLM\..\Run: [D-Link AirPlus G] C:\Program Files\D-Link\AirPlus G\AirGCFG.exe
O4 - HKLM\..\Run: [ANIWZCS2Service] C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe
O4 - HKLM\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O4 - HKCU\..\Run: [PhotoShow Deluxe Media Manager] C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe
O4 - HKCU\..\Run: [updateMgr] C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe AcRdB7_0_9
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\RunOnce: [IndexCleaner] "C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe"
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~4\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {01113300-3E00-11D2-8470-0060089874ED} (Support.com Configuration Class) - https://activatemydsl.verizon.net/sd...0Installer.cab
O16 - DPF: {48DD0448-9209-4F81-9F6D-D83562940134} (MySpace Uploader Control) - http://lads.myspace.com/upload/MySpaceUploader1006.cab
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) -
O16 - DPF: {56762DEC-6B0D-4AB4-A8AD-989993B5D08B} - http://www.eset.eu/buxus/docs/OnlineScanner.cab
O16 - DPF: {6F750202-1362-4815-A476-88533DE61D0C} (Kodak Gallery Easy Upload Manager Class) - http://www.kodakgallery.com/download...2/axofupld.cab
O16 - DPF: {B8BE5E93-A60C-4D26-A2DC-220313175592} (ZoneIntro Class) - http://cdn2.zone.msn.com/binFramewor...o.cab34246.cab
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: DvpApi (dvpapi) - Authentium, Inc. - C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: CA Pest Patrol Realtime Protection Service (ITMRTSVC) - CA, Inc. - C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
O23 - Service: Kodak Camera Connection Software (KodakCCS) - Unknown owner - C:\WINDOWS\system32\drivers\KodakCCS.exe (file missing)
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: Verizon Internet Security Suite (Radialpoint Security Services) - Radialpoint Inc. - C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe
O23 - Service: Verizon Internet Security Suite Update Service (RPSUpdaterR) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
O23 - Service: Verizon Internet Security Suite Firewall (RP_FWS) - Verizon - C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 6777 bytes


___________________________

ComboFix 08-09-10.04 - Lisa Drogon 2008-09-14 21:38:38.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.244 [GMT -5:00]
Running from: C:\Documents and Settings\Lisa Drogon\Desktop\spywaretools\ComboFix.exe

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((( Files Created from 2008-08-15 to 2008-09-15 )))))))))))))))))))))))))))))))
.

2008-09-14 21:27 . 2008-09-14 21:27 <DIR> d-------- C:\Program Files\D-Link
2008-09-14 21:27 . 2008-09-14 21:27 <DIR> d-------- C:\Program Files\ANI
2008-09-14 21:27 . 2004-08-16 16:45 1,163,337 --a------ C:\WINDOWS\system32\odSupp_M.dll
2008-09-14 21:27 . 2004-09-20 16:51 577,536 --a------ C:\WINDOWS\system32\ANIWZCS2.dll
2008-09-14 21:27 . 2004-08-16 16:45 192,512 --a------ C:\WINDOWS\system32\aIPH.dll
2008-09-14 21:27 . 2004-09-17 16:03 131,072 --a------ C:\WINDOWS\system32\WlanApp.dll
2008-09-14 21:27 . 2004-08-16 16:45 57,407 --a------ C:\WINDOWS\system32\ANICtl.dll
2008-09-14 21:27 . 2004-08-16 16:45 49,152 --a------ C:\WINDOWS\system32\AQCKGen.dll
2008-09-14 21:27 . 2004-01-27 17:20 36,864 --a------ C:\WINDOWS\system32\ANIOApi.dll
2008-09-14 21:27 . 2003-05-05 18:25 28,205 --a------ C:\WINDOWS\system32\ANIO.sys
2008-09-14 21:27 . 2004-04-15 11:10 16,997 --a------ C:\WINDOWS\system32\ANIO.VXD
2008-09-14 21:27 . 2003-05-05 14:00 11,904 --a------ C:\WINDOWS\system32\anio4.sys
2008-09-14 08:10 . 2008-09-14 08:50 <DIR> d-------- C:\Program Files\SpywareBlaster
2008-09-09 07:10 . 2008-09-09 07:10 101,560 --ah----- C:\WINDOWS\system32\mlfcache.dat
2008-09-09 00:45 . 2008-09-09 00:45 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\Uniblue
2008-09-09 00:44 . 2008-09-09 00:44 <DIR> d-------- C:\Program Files\Uniblue
2008-09-09 00:43 . 2008-09-09 00:43 0 --a------ C:\WINDOWS\VPC32.INI
2008-09-08 09:22 . 2008-09-08 09:22 <DIR> d-------- C:\Program Files\SpyRemover
2008-09-08 09:18 . 2008-09-08 09:18 <DIR> d-------- C:\Program Files\Unisys IT
2008-09-06 21:21 . 2008-09-06 21:30 <DIR> d-------- C:\Program Files\Common Files\Panda Security
2008-09-06 18:10 . 2008-09-07 06:08 <DIR> d-------- C:\Program Files\stevelogs
2008-09-06 18:04 . 2008-09-06 18:04 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Simple Star
2008-09-06 08:41 . 2008-09-06 08:41 <DIR> d-------- C:\Documents and Settings\Administrator\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-11 10:14 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-05 19:13 . 2008-09-05 19:13 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-05 19:13 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-05 19:13 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-05 19:13 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-05 12:34 . 2008-09-05 12:43 <DIR> d-------- C:\Documents and Settings\Lisa Drogon\Application Data\U3
2008-09-05 12:13 . 2008-04-13 22:06 144,384 --------- C:\WINDOWS\system32\drivers\hdaudbus.sys
2008-09-05 12:13 . 2008-04-14 00:10 10,240 --------- C:\WINDOWS\system32\drivers\sffp_mmc.sys
2008-09-05 12:11 . 2006-12-29 00:31 19,569 --a------ C:\WINDOWS\005232_.tmp
2008-09-03 09:46 . 2008-09-11 11:02 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-02 19:27 . 2008-09-02 19:27 <DIR> d-------- C:\Program Files\Windows Defender
2008-09-02 15:05 . 2008-09-14 21:43 <DIR> d-a------ C:\Documents and Settings\All Users\Application Data\TEMP
2008-09-02 14:12 . 2008-09-05 12:17 <DIR> d-------- C:\WINDOWS\peernet
2008-09-02 14:08 . 2008-09-09 00:44 <DIR> d--h-c--- C:\Documents and Settings\All Users\Application Data\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-02 11:34 . 2004-08-03 22:32 84,480 --a------ C:\WINDOWS\system32\drivers\ac97via.sys
2008-08-23 09:15 . 2008-08-23 09:15 <DIR> d-------- C:\Program Files\MSECache

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-15 02:27 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-09-14 17:45 --------- d-----w C:\Documents and Settings\Administrator\Application Data\Verizon
2008-09-12 15:11 --------- d-----w C:\Program Files\Common Files\Real
2008-09-11 18:39 --------- d-----w C:\Program Files\Symantec
2008-09-11 18:39 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-09-11 18:39 --------- d-----w C:\Documents and Settings\All Users\Application Data\Symantec
2008-09-11 18:18 --------- d-----w C:\Program Files\QuickTime
2008-09-09 17:35 27,262,976 ----a-w C:\VIRTPART.DAT
2008-09-09 17:34 2,855 ----a-w C:\WINDOWS\PIF\COMMAND.PIF
2008-09-08 16:04 --------- d-----w C:\Program Files\vol_toolbar
2008-09-05 17:40 --------- d-----w C:\Program Files\Java
2008-09-02 17:00 --------- d-----w C:\Program Files\Common Files\Scanner
2008-07-19 03:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 03:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 03:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 03:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 03:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 03:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 03:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 03:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 03:07 270,880 ----a-w C:\WINDOWS\system32\mucltui.dll
2008-07-19 03:07 210,976 ----a-w C:\WINDOWS\system32\muweb.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-23 16:57 826,368 ----a-w C:\WINDOWS\system32\wininet.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2005-04-18 22:27 8,224 ----a-w C:\Documents and Settings\Lisa Drogon\Application Data\GDIPFONTCACHEV1.DAT
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"PhotoShow Deluxe Media Manager"="C:\PROGRA~1\SIMPLE~1\PHOTOS~1\data\Xtras\mssysmgr.exe" [2005-01-21 163840]
"updateMgr"="C:\Program Files\Adobe\Acrobat 7.0\Reader\AdobeUpdateManager.exe" [2006-03-30 313472]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"VerizonServicepoint.exe"="C:\Program Files\Verizon\VSP\VerizonServicepoint.exe" [2008-02-13 2065648]
"Verizon Internet Security Suite"="C:\Program Files\Verizon\Verizon Internet Security Suite\Rps.exe" [2008-02-26 318704]
"-FreedomNeedsReboot"="C:\Program Files\Verizon\Verizon Internet Security Suite\ZkRunOnceR.exe" [2008-02-26 13552]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"SBAutoUpdate"="C:\Program Files\SpywareBlaster\sbautoupdate.exe" [2008-06-10 906792]
"D-Link AirPlus G"="C:\Program Files\D-Link\AirPlus G\AirGCFG.exe" [2004-09-14 1212416]
"ANIWZCS2Service"="C:\Program Files\ANI\ANIWZCS2 Service\WZCSLDR2.exe" [2004-08-16 45056]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\RunOnce]
"IndexCleaner"="C:\Program Files\Verizon\Verizon Internet Security Suite\IdxClnR.exe" [2008-02-26 61168]

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Notification Packages REG_MULTI_SZ scecli scecli scecli scecli scecli

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001
"AntiVirusOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Kodak\\Kodak EasyShare software\\bin\\EasyShare.exe"=
"C:\\Program Files\\V CAST Music with Rhapsody\\rhapsody.exe"=
"C:\\WINDOWS\\system32\\LEXPPS.EXE"=

R2 Viewpoint Manager Service;Viewpoint Manager Service;C:\Program Files\Viewpoint\Common\ViewpointService.exe [2007-01-04 24652]
S3 Radialpoint Security Services;Verizon Internet Security Suite;C:\Program Files\Verizon\Verizon Internet Security Suite\RpsSecurityAware.exe [2008-02-26 67824]
.
Contents of the 'Scheduled Tasks' folder
.
- - - - ORPHANS REMOVED - - - -

HKLM-Run-MsgCenterExe - C:\Program Files\Common Files\Real\Update_OB\RealOneMessageCenter.exe
Notify-NavLogon - (no file)


.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Lisa Drogon\Application Data\Mozilla\Firefox\Profiles\ucfa5c6h.default\
FF -: plugin - C:\Program Files\Adobe\Acrobat 7.0\Reader\browser\nppdf32.dll
FF -: plugin - C:\Program Files\Real\RhapsodyPlayerEngine\nprhapengine.dll
FF -: plugin - C:\Program Files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-14 21:44:07
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Windows Defender\MsMpEng.exe
C:\Program Files\Verizon\Verizon Internet Security Suite\Fws.exe
C:\Program Files\Common Files\Authentium\AntiVirus\dvpapi.exe
C:\Program Files\CA\PPRT\bin\ITMRTSVC.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Verizon\Verizon Internet Security Suite\rpsupdaterR.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
.
**************************************************************************
.
Completion time: 2008-09-14 21:58:09 - machine was rebooted
ComboFix-quarantined-files.txt 2008-09-15 02:57:38
ComboFix2.txt 2008-09-11 17:56:45

Pre-Run: 27,280,171,008 bytes free
Post-Run: 27,268,517,888 bytes free

156 --- E O F --- 2008-09-13 06:38:04

chess77, #13, Sep 15th, 2008
SpywareBlaster; it's late, typos.
Thanks for all your help.

jholland1964 (Moderator), #14, Sep 15th, 2008
Still going through the ComboFix log. One thing I didn't notice on the last one... it was there, I just didn't see it then. There is a program listed, SpyRemover. May I ask who the manufacturer of this program is? Is it ItCompany.com? The reason I ask: if it is THAT manufacturer then the program is a legitimate program; if it is NOT then it is considered a rogue program and should be removed.

Can you run HijackThis again, but this time choose the Misc Tools button and get an Uninstall List for me?
It will take me a bit to go through this ComboFix log, but I will get back ASAP to let you know if there are other fixes which need to be done with it. In the meantime, post that Uninstall List for me if you can.
Judy

©2003 - 2009 DaniWeb® LLC