computer infected by SPYWARE!!

Thread Solved

crunchie
#11
Nov 3rd, 2007
You can attempt option #2 in normal mode if you wish.

jramx909
#12
Nov 3rd, 2007
Is it just as effective? And should I wait till the scan is finished? Scan seems like it's going to take a while.

crunchie
#13
Nov 3rd, 2007
No, but as you are having problems in safe mode, it's worth a shot.
Wait for the scan to finish though.

jramx909
#14
Nov 3rd, 2007
OK, here's the log.

KASPERSKY ONLINE SCANNER REPORT
Thursday, September 06, 2007 7:06:24 PM
Operating System: Microsoft Windows XP Home Edition, Service Pack 2 (Build 2600)
Kaspersky Online Scanner version: 5.0.98.0
Kaspersky Anti-Virus database last update: 4/11/2007
Kaspersky Anti-Virus database records: 451049


Scan Settings
Scan using the following antivirus database extended
Scan Archives true
Scan Mail Bases true

Scan Target Critical Areas
C:\WINDOWS
C:\DOCUME~1\Jesse\LOCALS~1\Temp\

Scan Statistics
Total number of scanned objects 18823
Number of viruses found 4
Number of infected objects 8
Number of suspicious objects 0
Duration of the scan process 00:33:56

Infected Object Name Virus Name Last Action
C:\WINDOWS\Debug\PASSWD.LOG Object is locked skipped

C:\WINDOWS\fkwggshm.exe Object is locked skipped

C:\WINDOWS\SchedLgU.Txt Object is locked skipped

C:\WINDOWS\Sti_Trace.log Object is locked skipped

C:\WINDOWS\SYSTEM32\.exe Infected: Trojan-Dropper.Win32.VB.tg skipped

C:\WINDOWS\SYSTEM32\CatRoot2\edb.log Object is locked skipped

C:\WINDOWS\SYSTEM32\CatRoot2\tmp.edb Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Antiviru.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\AppEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Internet.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\MSFWSVC.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SAM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SecEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SECURITY.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SOFTWARE.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SysEvent.Evt Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\SYSTEM.LOG Object is locked skipped

C:\WINDOWS\SYSTEM32\CONFIG\Windows_OneCare_Evt.evt Object is locked skipped

C:\WINDOWS\SYSTEM32\dpqaqlqx.bin Object is locked skipped

C:\WINDOWS\SYSTEM32\H323LOG.TXT Object is locked skipped

C:\WINDOWS\SYSTEM32\mi2.exe/WISE0044.BIN/stream/data0005 Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped

C:\WINDOWS\SYSTEM32\mi2.exe/WISE0044.BIN/stream Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped

C:\WINDOWS\SYSTEM32\mi2.exe/WISE0044.BIN Infected: not-a-virus:AdWare.Win32.Mostofate.aa skipped

C:\WINDOWS\SYSTEM32\mi2.exe WiseSFX: infected - 3 skipped

C:\WINDOWS\SYSTEM32\mi2.exe WiseSFX Dropper: infected - 3 skipped

C:\WINDOWS\SYSTEM32\vvgeowbv.exe Infected: not-virus:Hoax.Win32.Renos.kj skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.BTR Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\INDEX.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING.VER Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING1.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\MAPPING2.MAP Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.DATA Object is locked skipped

C:\WINDOWS\SYSTEM32\WBEM\Repository\FS\OBJECTS.MAP Object is locked skipped

C:\WINDOWS\Temp\Perflib_Perfdata_5f4.dat Object is locked skipped

C:\WINDOWS\Temp\T30DebugLogFile.txt Object is locked skipped

C:\WINDOWS\Temp\_avast4_\Webshlock.txt Object is locked skipped

C:\WINDOWS\WIADEBUG.LOG Object is locked skipped

C:\WINDOWS\WIASERVC.LOG Object is locked skipped

C:\WINDOWS\xlavra3.exe Infected: Trojan-Downloader.Win32.Wixud.c skipped

C:\DOCUME~1\Jesse\LOCALS~1\Temp\~DF1F5E.tmp Object is locked skipped

C:\DOCUME~1\Jesse\LOCALS~1\Temp\~DF1F6B.tmp Object is locked skipped

C:\DOCUME~1\Jesse\LOCALS~1\Temp\~DF4D9C.tmp Object is locked skipped

C:\DOCUME~1\Jesse\LOCALS~1\Temp\~DF5036.tmp Object is locked skipped

Scan process completed.

crunchie
#15
Nov 3rd, 2007
Find and delete these:

C:\WINDOWS\SYSTEM32\mi2.exe
C:\WINDOWS\SYSTEM32\vvgeowbv.exe
C:\WINDOWS\xlavra3.exe
C:\WINDOWS\SYSTEM32\.exe

==

How did the rest go?

1. Download this file from one of the following links:

http://download.bleepingcomputer.com/sUBs/ComboFix.exe
http://www.techsupportforum.com/sectools/combofix.exe

2. Double click combofix.exe & follow the prompts.
3. When finished, it shall produce a log for you. Post that log in your next reply, along with a new hijackthis log.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Last edited by crunchie; Nov 3rd, 2007 at 11:30 pm.

jramx909
#16
Nov 3rd, 2007
I found C:\WINDOWS\SYSTEM32\mi2 but I don't think it was .exe it and access is denied on C:\WINDOWS\SYSTEM32\vvgeowbv.exe

Should I do combofix anyway?

crunchie
#17
Nov 4th, 2007
Yes, do combofix please.

jramx909
#18
Nov 4th, 2007
OK, here's the combofix log.

ComboFix 07-11-01.1 - Jesse 2007-11-03 20:14:52.1 - NTFSx86
Running from: C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\G3X6GH9U\ComboFix[1].exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin1.zip
C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy\Recovery\CnsMin2.zip
C:\Documents and Settings\Jesse\My Documents\SMANTE~1
C:\Program Files\akl
C:\Program Files\akl\akl.dll
C:\Program Files\akl\akl.exe
C:\Program Files\akl\curlog.htm
C:\Program Files\akl\keylog.txt
C:\Program Files\akl\readme.txt
C:\Program Files\akl\uninstall.exe
C:\Program Files\akl\unsetup.dat
C:\Program Files\akl\unsetup.exe
C:\Program Files\amsys
C:\Program Files\amsys\awmsg.dat
C:\Program Files\amsys\mfc42.dll
C:\Program Files\amsys\msvcrt.dll
C:\Program Files\amsys\unins000.dat
C:\Program Files\amsys\unis000.exe
C:\Program Files\amsys\winam.dat
C:\Program Files\e-zshopper
C:\Program Files\e-zshopper\BarLcher.dll
C:\Program Files\p2pnetworks
C:\Program Files\sks~1
C:\Program Files\sks~1\??sks\

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))

.
-------\nm


((((((((((((((((((((((((( Files Created from 2007-10-04 to 2007-11-04 )))))))))))))))))))))))))))))))
.

2007-11-24 16:38 <DIR> d-------- C:\Program Files\XP TCPIP Repair
2007-11-21 05:21 4,336 --a------ C:\WINDOWS\SYSTEM32\tmp.reg
2007-11-19 17:22 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\sentinel
2007-11-11 20:39 582,656 --------- C:\WINDOWS\SYSTEM32\DLLCACHE\rpcrt4.dll
2007-11-03 20:37 <DIR> d-------- C:\Program Files\p2pnetworks
2007-11-03 20:37 <DIR> d-------- C:\Program Files\e-zshopper
2007-11-03 20:37 <DIR> d-------- C:\Program Files\amsys
2007-11-03 20:37 <DIR> d-------- C:\Program Files\Accoona
2007-11-03 20:36 <DIR> d-------- C:\Program Files\akl
2007-11-03 20:36 <DIR> d-------- C:\Program Files\3721
2007-11-03 20:36 29,696 --a------ C:\WINDOWS\7search.dll
2007-11-03 20:36 29,184 --a------ C:\WINDOWS\764.exe
2007-11-03 20:07 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-14 16:35 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Trymedia
2007-10-06 12:12 18,432 --a------ C:\WINDOWS\fkwggshm.exe
2007-10-06 11:56 <DIR> d-------- C:\WINDOWS\SYSTEM32\acespy
2007-10-06 11:56 22,528 --a------ C:\WINDOWS\wml.exe
2007-10-06 11:55 25,856 --a------ C:\WINDOWS\flt.dll
2007-10-06 11:10 95,608 --a------ C:\WINDOWS\SYSTEM32\AvastSS.scr
2007-10-06 11:10 42,912 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswTdi.sys
2007-10-06 11:10 26,624 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aavmker4.sys
2007-10-06 11:10 23,152 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswRdr.sys
2007-10-06 11:09 801,144 --a------ C:\WINDOWS\SYSTEM32\aswBoot.exe
2007-10-06 11:09 94,416 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon2.sys
2007-10-06 11:09 92,848 --a------ C:\WINDOWS\SYSTEM32\DRIVERS\aswmon.sys
2007-10-06 10:34 289,144 --a------ C:\WINDOWS\SYSTEM32\VCCLSID.exe
2007-10-06 10:34 288,417 --a------ C:\WINDOWS\SYSTEM32\SrchSTS.exe
2007-10-06 10:34 53,248 --a------ C:\WINDOWS\SYSTEM32\Process.exe
2007-10-06 10:34 51,200 --a------ C:\WINDOWS\SYSTEM32\dumphive.exe
2007-10-06 10:34 25,600 --a------ C:\WINDOWS\SYSTEM32\WS2Fix.exe
2007-10-05 22:17 31,232 --a------ C:\WINDOWS\SYSTEM32\ace16win.dll
2007-10-05 22:17 28,160 --a------ C:\WINDOWS\SYSTEM32\wml.exe
2007-10-05 19:31 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-05 03:28 138,752 ----a-w C:\WINDOWS\system32\drivers\sp_rsdrv2.sys
2007-12-05 00:16 --------- d-----w C:\Program Files\McAfee.com
2007-12-05 00:05 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee.com
2007-12-05 00:04 --------- d-----w C:\Program Files\McAfee
2007-12-05 00:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\McAfee
2007-12-04 23:50 --------- d-----w C:\Program Files\Common Files\Download Manager
2007-12-04 16:19 --------- d---a-w C:\Documents and Settings\All Users\Application Data\TEMP
2007-12-04 10:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\Grisoft
2007-12-04 06:17 --------- d-----w C:\Program Files\Trend Micro
2007-12-04 06:04 --------- d-----w C:\Program Files\Project64 1.6
2007-12-04 02:18 36,791 ----a-w C:\WINDOWS\system32\drivers\pt.htm
2007-12-04 02:18 12,435 ----a-w C:\WINDOWS\system32\drivers\detect.htm
2007-12-04 02:18 1,024 ----a-w C:\WINDOWS\system32\drivers\s_detect.htm
2007-12-04 02:16 979 ----a-w C:\WINDOWS\system32\drivers\product_2_name_small.gif
2007-12-04 02:16 877 ----a-w C:\WINDOWS\system32\drivers\header_red_bg.gif
2007-12-04 02:16 838 ----a-w C:\WINDOWS\system32\drivers\header_red_free_scan_bg.gif
2007-12-04 02:16 837 ----a-w C:\WINDOWS\system32\drivers\blank.gif
2007-12-04 02:16 835 ----a-w C:\WINDOWS\system32\drivers\style.css
2007-12-04 02:16 821 ----a-w C:\WINDOWS\system32\drivers\shadow_bg.gif
2007-12-04 02:16 8,852 ----a-w C:\WINDOWS\system32\drivers\download_btn.jpg
2007-12-04 02:16 65 ----a-w C:\WINDOWS\system32\drivers\sep_hor.gif
2007-12-04 02:16 639 ----a-w C:\WINDOWS\system32\drivers\star.gif
2007-12-04 02:16 550 ----a-w C:\WINDOWS\system32\drivers\star_small.gif
2007-12-04 02:16 53 ----a-w C:\WINDOWS\system32\drivers\sep_vert.gif
2007-12-04 02:16 49 ----a-w C:\WINDOWS\system32\drivers\spacer.gif
2007-12-04 02:16 425 ----a-w C:\WINDOWS\system32\drivers\star_gray.gif
2007-12-04 02:16 4,448 ----a-w C:\WINDOWS\system32\drivers\download_now_btn.gif
2007-12-04 02:16 4,008 ----a-w C:\WINDOWS\system32\drivers\rating.gif
2007-12-04 02:16 3,877 ----a-w C:\WINDOWS\system32\drivers\warning_icon.gif
2007-12-04 02:16 3,552 ----a-w C:\WINDOWS\system32\drivers\cell_header_remove.gif
2007-12-04 02:16 3,479 ----a-w C:\WINDOWS\system32\drivers\cell_header_scan.gif
2007-12-04 02:16 3,313 ----a-w C:\WINDOWS\system32\drivers\cell_header_block.gif
2007-12-04 02:16 3,216 ----a-w C:\WINDOWS\system32\drivers\header_red_free_scan.gif
2007-12-04 02:16 3,080 ----a-w C:\WINDOWS\system32\drivers\product_3_header.gif
2007-12-04 02:16 291 ----a-w C:\WINDOWS\system32\drivers\v.gif
2007-12-04 02:16 283 ----a-w C:\WINDOWS\system32\drivers\x.gif
2007-12-04 02:16 28,459 ----a-w C:\WINDOWS\system32\drivers\header_1.gif
2007-12-04 02:16 26,487 ----a-w C:\WINDOWS\system32\drivers\screenshot.jpg
2007-12-04 02:16 223 ----a-w C:\WINDOWS\system32\drivers\star_gray_small.gif
2007-12-04 02:16 215 ----a-w C:\WINDOWS\system32\drivers\main_back.gif
2007-12-04 02:16 2,922 ----a-w C:\WINDOWS\system32\drivers\footer_back.jpg
2007-12-04 02:16 2,798 ----a-w C:\WINDOWS\system32\drivers\shadow.jpg
2007-12-04 02:16 2,604 ----a-w C:\WINDOWS\system32\drivers\product_1_header.gif
2007-12-04 02:16 2,238 ----a-w C:\WINDOWS\system32\drivers\download_box.gif
2007-12-04 02:16 2,214 ----a-w C:\WINDOWS\system32\drivers\product_2_header.gif
2007-12-04 02:16 16,977 ----a-w C:\WINDOWS\system32\drivers\header_red_protect_your_pc.gif
2007-12-04 02:16 15,421 ----a-w C:\WINDOWS\system32\drivers\header_2.gif
2007-12-04 02:16 13,618 ----a-w C:\WINDOWS\system32\drivers\spy_away_box.jpg
2007-12-04 02:16 12,326 ----a-w C:\WINDOWS\system32\drivers\box_3.gif
2007-12-04 02:16 12,313 ----a-w C:\WINDOWS\system32\drivers\box_1.gif
2007-12-04 02:16 11,927 ----a-w C:\WINDOWS\system32\drivers\box_2.gif
2007-12-04 02:16 11,077 ----a-w C:\WINDOWS\system32\drivers\header_4.gif
2007-12-04 02:16 10,260 ----a-w C:\WINDOWS\system32\drivers\perfect_cleaner_box.jpg
2007-12-04 02:16 10,193 ----a-w C:\WINDOWS\system32\drivers\header_3.gif
2007-12-04 02:16 1,791 ----a-w C:\WINDOWS\system32\drivers\win_logo.gif
2007-12-04 02:16 1,714 ----a-w C:\WINDOWS\system32\drivers\product_3_name_small.gif
2007-12-04 02:16 1,647 ----a-w C:\WINDOWS\system32\drivers\button_freescan.gif
2007-12-04 02:16 1,619 ----a-w C:\WINDOWS\system32\drivers\button_buynow.gif
2007-12-04 02:16 1,373 ----a-w C:\WINDOWS\system32\drivers\cell_footer.gif
2007-12-04 02:16 1,342 ----a-w C:\WINDOWS\system32\drivers\cell_bg.gif
2007-12-04 02:16 1,330 ----a-w C:\WINDOWS\system32\drivers\product_features.gif
2007-12-04 02:16 1,253 ----a-w C:\WINDOWS\system32\drivers\product_1_name_small.gif
2007-12-04 02:16 1,204 ----a-w C:\WINDOWS\system32\drivers\infected.gif
2007-12-02 21:06 --------- d-----w C:\Program Files\Trymedia
2007-11-27 04:27 --------- d-----w C:\Program Files\Warcraft III
2007-11-20 00:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\avg7
2007-11-19 19:35 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AVG7
2007-11-15 06:39 1,725 ----a-w C:\Program Files\URGE.lnk
2007-11-04 03:44 --------- d-----w C:\Program Files\Microsoft Windows OneCare Live
2007-11-04 03:37 9,984 ----a-w C:\WINDOWS\kvnab.dll
2007-11-04 03:37 9,472 ----a-w C:\WINDOWS\wbeInst$.exe
2007-11-04 03:37 28,928 ----a-w C:\WINDOWS\kvnab$.exe
2007-11-04 03:37 26,624 ----a-w C:\WINDOWS\wbeCheck.exe
2007-11-04 03:37 26,368 ----a-w C:\WINDOWS\SYSTEM32\msole32.exe
2007-11-04 03:37 24,320 ----a-w C:\WINDOWS\pbsysie.dll
2007-11-04 03:37 19,200 ----a-w C:\WINDOWS\settn.dll
2007-11-04 03:37 16,128 ----a-w C:\WINDOWS\kvnab.exe
2007-11-04 03:37 15,616 ----a-w C:\WINDOWS\iexplorr23.dll
2007-11-04 03:37 14,336 ----a-w C:\WINDOWS\hcwprn.exe
2007-10-06 22:02 --------- d-----w C:\Documents and Settings\Jesse\Application Data\Spyware Terminator
2007-10-06 19:02 --------- d-----w C:\Program Files\Spyware Terminator
2007-10-06 18:15 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spyware Terminator
2007-10-06 17:32 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-10-06 05:45 --------- d-----w C:\Program Files\WinClamAVShield
2007-10-06 05:05 --------- d-----w C:\Program Files\BearShare
2007-09-11 03:45 --------- d-----w C:\Program Files\Common Files\Adobe
2007-09-07 09:31 --------- d-----w C:\Program Files\Common Files\AVSMedia
2007-09-07 09:31 --------- d-----w C:\Program Files\AVS4YOU
2007-09-07 07:52 --------- d-----w C:\Documents and Settings\Jesse\Application Data\AVS4YOU
2007-09-07 07:51 --------- d-----w C:\Documents and Settings\All Users\Application Data\AVS4YOU
2007-09-07 05:31 --------- d-----w C:\Program Files\LucasArts
2007-09-07 05:31 --------- d-----w C:\Documents and Settings\Jesse\Application Data\Petroglyph
2007-09-07 05:30 --------- d-----w C:\Documents and Settings\Jesse\Application Data\InstallShield
2007-09-07 05:16 --------- d-----w C:\Program Files\DivX
2007-09-07 01:10 --------- d-----w C:\Documents and Settings\All Users\Application Data\Kaspersky Lab
2007-09-04 10:27 --------- d-----w C:\Program Files\Yahoo!
2007-09-04 10:27 --------- d-----w C:\Program Files\Common Files\Scanner
2007-09-04 10:27 --------- d-----w C:\Documents and Settings\Jesse\Application Data\Yahoo!
2007-09-04 10:27 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo! Companion
2007-08-27 22:43 98,304 ----a-w C:\WINDOWS\SYSTEM32\CmdLineExt.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000012-890e-4aac-afd9-eff6954a34dd}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{029e02f0-a0e5-4b19-b958-7bf2db29fb13}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{54645654-2225-4455-44A1-9F4543D34546}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6abc861a-31e7-4d91-b43b-d3c98f22a5c0}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{a4a435cf-3583-11d4-91bd-0048546a1450}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{b8875bfe-b021-11d4-bfa8-00508b8e9bd3}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c2680e10-1655-4a0e-87f8-4259325a84b7}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{d8efadf1-9009-11d6-8c73-608c5dc19089}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SoundMAXPnP"="C:\Program Files\Analog Devices\Core\smax4pnp.exe" [2004-10-14 12:42]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-08-20 13:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-08-20 13:51]
"SunJavaUpdateSched"="C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe" [2003-11-19 15:48]
"IntelMeM"="C:\Program Files\Intel\Modem Event Monitor\IntelMEM.exe" [2003-09-03 18:12]
"XeroxScannerDaemon"="C:\Program Files\Xerox\NWWia\XrxFTPLt.exe" [2001-08-17 22:37]
"bacstray"="BacsTray.exe" [2003-05-08 17:15 C:\WINDOWS\SYSTEM32\BacsTray.exe]
"PinnacleDriverCheck"="C:\WINDOWS\system32\PSDrvCheck.exe" [2003-05-28 17:37]
"VOBID"="C:\Program Files\Pinnacle\InstantCDDVD\InstantDrive\InstantDrive.exe" [2003-03-31 18:59]
"IW ControlCenter"="C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe" [2003-03-12 12:56]
"HostManager"="C:\Program Files\Common Files\AOL\1142396636\ee\AOLSoftware.exe" [2006-05-09 17:24]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2006-10-25 19:58]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2006-10-30 10:36]
"Profiler"="C:\Program Files\Saitek\Software\Profiler.exe" [2005-06-14 15:23]
"SaiMfd"="C:\Program Files\Saitek\Software\SaiMfd.exe" [2005-06-17 19:02]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [2006-08-11 21:43]
"nwiz"="nwiz.exe" [2006-08-11 21:43 C:\WINDOWS\SYSTEM32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [2006-08-11 21:43]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2007-05-11 03:06]
"OneCareUI"="C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe" [2007-10-01 10:53]
"SpywareTerminator"="C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe" [2007-12-04 20:25]
"RRT-Auto"="C:\Documents and Settings\Jesse\Local Settings\Temporary Internet Files\Content.IE5\TBSMCGVD\RRT[1].exe" [2007-10-05 22:37]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-09-06 03:06]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DellSupport"="C:\Program Files\DellSupport\DSAgnt.exe" [2007-03-15 11:09]
"Aim6"="" []
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 03:00]
"AdobeUpdater"="C:\Program Files\Common Files\Adobe\Updater5\AdobeUpdater.exe" [2007-03-01 10:37]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46]

C:\Documents and Settings\Jesse\Start Menu\Programs\Startup\
Registration-INSDVD.lnk - C:\Program Files\Pinnacle\InstantCDDVD\SharedFiles\Pixie\RegTool.exe [2002-09-26 14:18:00]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
802.11g USB adapter.lnk - C:\Program Files\11g USB adapter\Wifiusb.exe [2004-09-06 06:11:36]
Microsoft Office.lnk - C:\Program Files\Microsoft Office\Office\OSA9.EXE [1999-02-17 13:05:56]
QuickBooks Update Agent.lnk - C:\Program Files\Common Files\Intuit\QuickBooks\QBUpdate\qbupdate.exe [2004-11-11 09:59:36]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows nt\currentversion\winlogon]
"Userinit"="C:\\WINDOWS\\system32\\vvgeowbv.exe,C:\\WINDOWS\\system32\\userinit.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\IRPenu]
IRPenu.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\OneCareMP]
@="Service"


[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\D]
\Shell\AutoRun\command - D:\autoplay.exe

.
Contents of the 'Scheduled Tasks' folder
"2007-10-06 01:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (D8JZC971-Jesse).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
"2007-02-19 07:26:34 C:\WINDOWS\Tasks\MP Scheduled Quick Scan.job"
- C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MpCmdRun.exe
.
**************************************************************************

catchme 0.3.1250 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-11-03 20:44:40
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-11-03 20:54:22 - machine was rebooted
.
--- E O F ---


And here's the hjt

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 9:05:18 PM, on 11/3/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16544)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Microsoft Windows OneCare Live\Antivirus\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\system32\vvgeowbv.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\nvsvc32.exe
C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Viewpoint\Common\ViewpointService.exe
C:\Program Files\Microsoft Windows OneCare Live\Firewall\msfwsvc.exe
C:\Program Files\Microsoft Windows OneCare Live\winss.exe
C:\Program Files\Analog Devices\Core\smax4pnp.exe
C:\Program Files\Java\j2re1.4.2_03\bin\jusched.exe
C:\Program Files\Xerox\NWWia\XrxFTPLt.exe
C:\WINDOWS\system32\BacsTray.exe
C:\Program Files\Viewpoint\Viewpoint Manager\ViewMgr.exe
C:\Program Files\Pinnacle\InstantCDDVD\InstantWrite\iwctrl.exe
C:\Program Files\Common Files\AOL\1142396636\ee\AOLSoftware.exe
C:\Program Files\QuickTime\qttask.exe
C:\Program Files\Saitek\Software\Profiler.exe
C:\Program Files\Saitek\Software\SaiMfd.exe
C:\Program Files\Microsoft Windows OneCare Live\winssnotify.exe
C:\PROGRA~1\SPYWAR~1\SpywareTerminatorShield.exe
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\DellSupport\DSAgnt.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\11g USB adapter\Wifiusb.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\Program Files\Alwil Software\Avast4\setup\avast.setup
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: DSBrokerService - Unknown owner - C:\Program Files\DellSupport\brkrsvc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: Spyware Terminator Realtime Shield Service (sp_rssrv) - Crawler.com - C:\PROGRA~1\SPYWAR~1\sp_rsser.exe
O23 - Service: Viewpoint Manager Service - Viewpoint Corporation - C:\Program Files\Viewpoint\Common\ViewpointService.exe

--
End of file - 3409 bytes

I don't think it worked.

jramx909
#19
Nov 4th, 2007
YES!! I think you might have solved my problem. I ran smitfraudfix in normal mode and I think it worked. I'll post the log. At start up yellow triangle wasn't there, and start up was a LOT faster. I'm scared to surf the internet now cuz I don't want to get infected. lol. I'd really appreciate it if you could give me a site to download a free anti virus. THANKS SO MUCH. =D If all stays well for a few days I guess that means it's fixed.

SmitFraudFix v2.246

Scan done at 21:41:50.95, Sat 11/03/2007
Run from C:\Documents and Settings\Jesse\Desktop\SmitfraudFix
OS: Microsoft Windows XP [Version 5.1.2600] - Windows_NT
The filesystem type is NTFS
Fix run in normal mode

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler Before SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll

»»»»»»»»»»»»»»»»»»»»»»»» Killing process


»»»»»»»»»»»»»»»»»»»»»»»» hosts

127.0.0.1 localhost

»»»»»»»»»»»»»»»»»»»»»»»» Winsock2 Fix

S!Ri's WS2Fix: LSP not Found.


»»»»»»»»»»»»»»»»»»»»»»»» Generic Renos Fix

GenericRenosFix by S!Ri


»»»»»»»»»»»»»»»»»»»»»»»» Deleting infected files

C:\WINDOWS\system32\ace16win.dll Deleted
C:\WINDOWS\system32\msole32.exe Deleted

»»»»»»»»»»»»»»»»»»»»»»»» DNS

Description: Broadcom 440x 10/100 Integrated Controller - Packet Scheduler Miniport
DNS Server Search Order: 192.168.1.1
DNS Server Search Order: 68.238.64.12

HKLM\SYSTEM\CCS\Services\Tcpip\..\{02539C31-34DB-4272-80B5-E30D968D262B}: DhcpNameServer=192.168.1.1 68.238.64.12
HKLM\SYSTEM\CCS\Services\Tcpip\..\{0761E23C-9B53-47CC-AFE0-F564B0D036B5}: NameServer=192.168.1.1,68.238.64.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{02539C31-34DB-4272-80B5-E30D968D262B}: DhcpNameServer=192.168.1.1 68.238.64.12
HKLM\SYSTEM\CS1\Services\Tcpip\..\{0761E23C-9B53-47CC-AFE0-F564B0D036B5}: NameServer=192.168.1.1,68.238.64.12
HKLM\SYSTEM\CS3\Services\Tcpip\..\{02539C31-34DB-4272-80B5-E30D968D262B}: DhcpNameServer=192.168.1.1 198.6.1.3
HKLM\SYSTEM\CS3\Services\Tcpip\..\{0761E23C-9B53-47CC-AFE0-F564B0D036B5}: NameServer=192.168.1.1,68.238.64.12
HKLM\SYSTEM\CCS\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 68.238.64.12
HKLM\SYSTEM\CS1\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 68.238.64.12
HKLM\SYSTEM\CS3\Services\Tcpip\Parameters: DhcpNameServer=192.168.1.1 198.6.1.3


»»»»»»»»»»»»»»»»»»»»»»»» Deleting Temp Files


»»»»»»»»»»»»»»»»»»»»»»»» Winlogon.System
!!!Attention, following keys are not inevitably infected!!!

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon]
"System"=""


»»»»»»»»»»»»»»»»»»»»»»»» Registry Cleaning

Registry Cleaning done.

»»»»»»»»»»»»»»»»»»»»»»»» SharedTaskScheduler After SmitFraudFix
!!!Attention, following keys are not inevitably infected!!!

SrchSTS.exe by S!Ri
Search SharedTaskScheduler's .dll


»»»»»»»»»»»»»»»»»»»»»»»» End
crunchie (Moderator, Featured Poster, Spyware Killer)
Join Date: Feb 2004
Posts: 10,009
Reputation: crunchie is a splendid one to behold
Solved Threads: 757

Re: computer infected by SPYWARE!!

#20
Nov 4th, 2007
As you can see, ComboFix made quite a few deletions and revealed a few more possibilities.
Your latest log looks like it has been edited? Half of it is missing.

Please go to Jotti's or to virustotal and have these files scanned. Post the results back here.

C:\WINDOWS\kvnab.dll
C:\WINDOWS\wbeInst$.exe
C:\WINDOWS\kvnab$.exe
C:\WINDOWS\SYSTEM32\msole32.exe
C:\WINDOWS\pbsysie.dll
C:\WINDOWS\settn.dll
C:\WINDOWS\kvnab.exe
C:\WINDOWS\iexplorr23.dll
C:\WINDOWS\hcwprn.exe

====================

Open Notepad (Start -> Run -> type notepad in the Open field -> OK) and copy and paste the following text in the code box:

File::
C:\WINDOWS\SYSTEM32\vvgeowbv.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c4ca6559-2cf1-48b6-96b2-8340a06fd129}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{bb936323-19fa-4521-ba29-eca6a121bc78}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A6E432B4-D4C2-43B3-BF55-C364F8F7362A}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{944864a5-3916-46e2-96a9-a2e84f3f1208}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{669695bc-a811-4a9d-8cdf-ba8c795f261e}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{53C330D6-A4AB-419B-B45D-FD4411C1FEF4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{51641ef3-8a7a-4d84-8659-b0911e947cc8}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{2d7cb618-cc1c-4126-a7e3-f5b12d3bcf71}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{1adbcce8-cf84-441e-9b38-afc7a19c06a4}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{06dfedaa-6196-11d5-bfc8-00508b4a487d}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{00000000-d9e3-4bc6-a0bd-3d0ca4be5271}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9147a0a-a866-4214-b47c-da821891240f}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{e9306072-417e-43e3-81d5-369490beef7c}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RRT-Auto"=-

Save this as CFScript.txt and change the "Save as type" to "All Files" and place it on your desktop.

http://i5.photobucket.com/albums/y15...1/CFScript.gif

Referring to the image above, drag CFScript.txt into ComboFix.exe.
ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
When finished, it shall produce a log for you. Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

Post another hijackthis log too if the removal was successful.
Last edited by crunchie; Nov 4th, 2007 at 1:53 am.
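
A way to review a CFScript like the one in the post above before dragging it onto ComboFix, added here as an example (it is not part of the original post and not ComboFix's own code). The function name is hypothetical, the sample is an abbreviated copy of the script, and it assumes the Registry:: section follows .reg-file conventions: [-KEY] removes a key, and "name"=- under [KEY] removes one value.

```python
import re

# Constructed sample: abbreviated copy of the CFScript in the post above
# (two of the Browser Helper Object keys, plus the file and Run-value entries).
SAMPLE_CFSCRIPT = r"""File::
C:\WINDOWS\SYSTEM32\vvgeowbv.exe

Registry::
[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{ca1d1b05-9c66-11d5-a009-000103c1e50b}]

[-HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{c5af2622-8c75-4dfb-9693-23ab7686a456}]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RRT-Auto"=-
"""

def summarize_cfscript(text):
    """Hypothetical reviewer: return (actions, unrecognized) for a CFScript.

    Assumes Registry:: uses .reg-file conventions: [-KEY] removes a key,
    "name"=- under [KEY] removes one value. Anything else is reported.
    """
    actions, unrecognized = [], []
    section = current_key = None
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line:
            continue
        header = re.fullmatch(r"(\w+)::", line)
        value = re.fullmatch(r'"([^"]+)"=-', line)
        bracketed = line.startswith("[") and line.endswith("]")
        if header:
            section, current_key = header.group(1), None
        elif section == "File" and re.match(r"[A-Za-z]:\\", line):
            actions.append(("delete_file", line))
        elif section == "Registry" and bracketed and line[1] == "-":
            actions.append(("delete_key", line[2:-1]))
            current_key = None  # value lines cannot belong to a removed key
        elif section == "Registry" and bracketed:
            current_key = line[1:-1]  # key is kept; value lines below refer to it
        elif section == "Registry" and current_key and value:
            actions.append(("delete_value", current_key + "\\" + value.group(1)))
        else:
            unrecognized.append((lineno, line))
    return actions, unrecognized

if __name__ == "__main__":
    acts, unknown = summarize_cfscript(SAMPLE_CFSCRIPT)
    for kind, target in acts:
        print(f"{kind:13} {target}")
    for lineno, line in unknown:
        print(f"REVIEW line {lineno}: {line}")
```

Any line reported under REVIEW is one to ask the helper about before the script is run, since it would do something other than the deletions listed.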

©2003 - 2009 DaniWeb® LLC