
Help! Can't Get Adware Removed, Tried Everything!


  • This topic is locked
1 reply to this topic

#1 scotishlinks


Posted 11 October 2007 - 10:11 AM

I have pop-up adware that I cannot get rid of. I have run Ad-Aware, SPYBot, SpyNuker and none of these programs find the adware. I have also tried VundoFix and that did nothing. I have used ComboFix.exe and that removed it, yet as soon as I reboot the system the adware gets reinstalled, so obviously the root file is not being found/removed.

Here is my Hijack log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:09, on 2007-10-11
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\ENDFORCE\AgentAPI.exe
C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlservr.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe
C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
C:\WINDOWS\System32\wltrysvc.exe
C:\WINDOWS\System32\bcmwltry.exe
C:\WINDOWS\System32\CCM\CcmExec.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
C:\PROGRAM FILES\COMMON FILES\TREND MICRO\OFFICESCAN CLIENT\0FCD0G.EXE
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\igfxpers.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntmon.exe
C:\Program Files\ENDFORCE\AgntTray.exe
C:\Program Files\Spyware Nuker\swnxt.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Documents and Settings\cw110858\My Documents\TEmp\starbuck.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = about:
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://iis.ncrnet.ncr.com/ncrnet
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://iis.ncrnet.ncr.com/ncrnet
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://iis.ncrnet.ncr.com/ncrnet
O1 - Hosts: 192.127.38.18 www.fls.ncr.com/default.asp
O2 - BHO: HelperObject Class - {00C6482D-C502-44C8-8409-FCE54AD9C208} - C:\Program Files\TechSmith\SnagIt 7\SnagItBHO.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar4.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.0.301.7164\swg.dll
O2 - BHO: (no name) - {B1C9026C-9046-445E-AD9C-A6ABCDF119ED} - C:\WINDOWS\system32\xxwtq.dll
O3 - Toolbar: SnagIt - {8FF5E183-ABDE-46EB-B09E-D2AAB95CABE3} - C:\Program Files\TechSmith\SnagIt 7\SnagItIEAddin.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar4.dll
O4 - HKLM\..\Run: [Persistence] C:\WINDOWS\system32\igfxpers.exe
O4 - HKLM\..\Run: [IgfxTray] C:\WINDOWS\system32\igfxtray.exe
O4 - HKLM\..\Run: [OfficeScanNT Monitor] "C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntmon.exe" -HideWindow
O4 - HKLM\..\Run: [ENDFORCEAgent] "C:\Program Files\ENDFORCE\AgntTray.exe"
O4 - HKLM\..\Run: [SWN2] C:\Program Files\Spyware Nuker\swnxt.exe /h
O4 - HKLM\..\Run: [PestPatrol Control Center] c:\PROGRA~1\PESTPA~1\PPControl.exe
O4 - HKLM\..\Run: [PPMemCheck] c:\PROGRA~1\PESTPA~1\PPMemCheck.exe
O4 - HKLM\..\Run: [CookiePatrol] c:\PROGRA~1\PESTPA~1\CookiePatrol.exe
O4 - HKCU\..\Run: [swg] C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Restrictions present
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\WINDOWS\System32\msjava.dll
O9 - Extra button: (no name) - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra 'Tools' menuitem: Uninstall BitDefender Online Scanner v8 - {85d1f590-48f4-11d9-9669-0800200c9a66} - C:\WINDOWS\bdoscandel.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra button: NCRNet - {A57C9236-CDAE-4405-991E-B87980CDE906} - http://iis.ncrnet.ncr.com/ncrnet (file missing) (HKCU)
O14 - IERESET.INF: START_PAGE_URL=http://iis.ncrnet.ncr.com/ncrnet
O15 - Trusted Zone: http://*.firstleveltechnology.com
O15 - Trusted Zone: http://*.ncr.com
O15 - Trusted Zone: http://*.ncr.com (HKLM)
O16 - DPF: {01A88BB1-1174-41EC-ACCB-963509EAE56B} (SysProWmi Class) - http://support.dell.com/systemprofiler/SysPro.CAB
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {1E1BC012-AC2A-403F-AEE4-A32E1F18986D} (Logoff Class) - https://www.passwordmanager.ncr.com/psynch/docs/pslogoff.dll
O16 - DPF: {4E67B0DB-1CAE-11D2-AD10-02608CA0806B} (NCRVersionControl Class) - http://iis.ncrnet.ncr.com/cab/NCRFile.cab
O16 - DPF: {5D86DDB5-BDF9-441B-9E9E-D4730F4EE499} (BDSCANONLINE Control) - http://download.bitdefender.com/resources/scan8/oscan8.cab
O16 - DPF: {644E432F-49D3-41A1-8DD5-E099162EEEC5} (Symantec RuFSI Utility Class) - http://security.symantec.com/sscv6/SharedC...n/bin/cabsa.cab
O16 - DPF: {8569D715-FF88-44BA-8D1D-AD3E59543DDE} (ActiveReports Viewer2) - http://www.datadynamics.com/Products/ARNET...ase/arview2.cab
O16 - DPF: {A93D84FD-641F-43AE-B963-E6FA84BE7FE7} (LinkSys Content Update) - http://www.linksysfix.com/netcheck/45/install/gtdownls.cab
O16 - DPF: {B38870E4-7ECB-40DA-8C6A-595F0A5519FF} (MsnMessengerSetupDownloadControl Class) - http://messenger.msn.com/download/MsnMesse...pDownloader.cab
O16 - DPF: {B43412CF-F0E4-11D2-A01A-00A0C9AD89DF} (Directory Class) - http://iisdev.ncrnet.ncr.com/cab/easyx500.cab
O16 - DPF: {BA2A9829-8040-4BF3-BDB6-51512826B68B} (Authentication.Authenticate) - http://web.ncrnet.ncr.com/cab/phonebook.cab
O16 - DPF: {CAFEEFAC-0014-0002-0012-ABCDEFFEDCBA} (Java Runtime Environment 1.4.2) - https://time.hostedeet.com/WFC/plugins/j2re...dows-i586-p.exe
O16 - DPF: {D6A86AEF-734C-11D8-85BB-009027AB1D27} (NTUserLogin.UserQKID) - http://susptc801.corp.ncr.com:81/EDW2/clsGetUser.CAB
O16 - DPF: {DBA230D1-8467-4e69-987E-5FAE815A3B45} -
O16 - DPF: {DD3D661B-E8FA-11D2-A018-00A0C9AD89DF} (Phonebook.Application) - http://web.ncrnet.ncr.com/cab/phonebook.cab
O16 - DPF: {F5131C24-E56D-11CF-B78A-444553540000} (Ikonic Menu Control) - http://cks.columbiasc.ncr.com/scripts/ikcntrls.cab
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: Domain = corp.ncr.com
O17 - HKLM\Software\..\Telephony: DomainName = corp.ncr.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: Domain = corp.ncr.com
O17 - HKLM\System\CS1\Services\Tcpip\Parameters: SearchList = firstleveltechnology.com
O17 - HKLM\System\CCS\Services\Tcpip\Parameters: SearchList = firstleveltechnology.com
O20 - Winlogon Notify: hggfcba - hggfcba.dll (file missing)
O20 - Winlogon Notify: winlbt32 - winlbt32.dll (file missing)
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: ENDFORCE Agent API - ENDFORCE, Inc. - C:\Program Files\ENDFORCE\AgentAPI.exe
O23 - Service: Contivity VPN Service (ExtranetAccess) - Nortel Networks NA, Inc. - C:\Program Files\Nortel Networks\Extranet_serv.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: iPod Service - Apple Computer, Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: OfficeScanNT RealTime Scan (ntrtscan) - Trend Micro Inc. - C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe
O23 - Service: OfficeScanNT Personal Firewall (OfcPfwSvc) - Trend Micro Inc. - C:\Program Files\Common Files\Trend Micro\OfficeScan Client\OfcPfwSvc.exe
O23 - Service: OfficeScanNT Listener (tmlisten) - Trend Micro Inc. - C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe
O23 - Service: Nortel Networks TunnelGuard (tunnelguardservice) - Alexandria Software Consulting - C:\Program Files\Nortel Networks\TunnelGuard\CueAgent_srv.exe
O23 - Service: WLTRYSVC - Unknown owner - C:\WINDOWS\System32\wltrysvc.exe

--
End of file - 9084 bytes


Also, here is the last ComboFix.exe log file that I generated, where the adware was supposed to have been removed, yet as soon as I rebooted the adware came back...

ComboFix 07-10-11.1 - cw110858 2007-10-11 10:05:52.1 - NTFSx86 NETWORK
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.336 [GMT -4:00]
Running from: C:\Documents and Settings\cw110858\My Documents\TEmp\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\cookies.ini

.
((((((((((((((((((((((((( Files Created from 2007-09-11 to 2007-10-11 )))))))))))))))))))))))))))))))
.

2007-10-11 09:52 51,200 --a------ C:\WINDOWS\NirCmd.exe
2007-10-10 16:16 <DIR> d-------- C:\Documents and Settings\cw110858\Application Data\AdwareAlert
2007-10-10 15:46 <DIR> d-------- C:\VundoFix Backups
2007-10-10 12:35 <DIR> d-------- C:\Program Files\LIUtilities
2007-10-10 12:10 <DIR> d-------- C:\Program Files\Lavasoft
2007-10-10 12:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2007-10-10 12:08 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2007-10-10 09:42 549,782 ---hs---- C:\WINDOWS\system32\qtwxx.ini2
2007-10-09 14:55 508,803 ---hs---- C:\WINDOWS\system32\qtwxx.bak2
2007-10-09 13:50 303,712 --------- C:\WINDOWS\system32\xxwtq.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-10-11 13:40 67,645 ----a-w C:\WINDOWS\system32\drivers\pshook11.sys
2007-10-10 12:27 --------- d-----w C:\Program Files\The Adventure Company
2007-10-10 12:23 --------- d-----w C:\Program Files\Microsoft ActiveSync
2007-10-10 03:20 --------- d-----w C:\Program Files\Spyware Nuker
2007-08-28 15:16 --------- d-----w C:\Program Files\MSN Messenger
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{A995F0C1-311B-4525-8AE3-FC1E2F02A47B}]
2007-10-09 13:50 303712 --------- C:\WINDOWS\system32\xxwtq.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"Persistence"="C:\WINDOWS\system32\igfxpers.exe" [2005-06-08 12:03]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2005-06-08 12:02]
"OfficeScanNT Monitor"="C:\Program Files\Common Files\Trend Micro\OfficeScan Client\pccntmon.exe" [2006-02-07 17:16]
"ENDFORCEAgent"="C:\Program Files\ENDFORCE\AgntTray.exe" [2006-08-01 15:00]
"SWN2"="C:\Program Files\Spyware Nuker\swnxt.exe" [2006-06-09 12:11]
"PestPatrol Control Center"="c:\PROGRA~1\PESTPA~1\PPControl.exe" []
"PPMemCheck"="c:\PROGRA~1\PESTPA~1\PPMemCheck.exe" []
"CookiePatrol"="c:\PROGRA~1\PESTPA~1\CookiePatrol.exe" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"swg"="C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-06-07 08:18]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"disablecad"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoMSAppLogo5ChannelNotify"=1 (0x1)
"NoToolbarCustomize"=0 (0x0)
"NoBandCustomize"=0 (0x0)
"NoWindowsUpdate"=1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"Btn_Back"=0 (0x0)
"Btn_Forward"=0 (0x0)
"Btn_Stop"=0 (0x0)
"Btn_Refresh"=0 (0x0)
"Btn_Home"=0 (0x0)
"Btn_Search"=0 (0x0)
"Btn_History"=0 (0x0)
"Btn_Favorites"=0 (0x0)
"Btn_Media"=0 (0x0)
"Btn_Folders"=0 (0x0)
"Btn_Fullscreen"=0 (0x0)
"Btn_Tools"=0 (0x0)
"Btn_MailNews"=0 (0x0)
"Btn_Size"=0 (0x0)
"Btn_Print"=0 (0x0)
"Btn_Edit"=0 (0x0)
"Btn_Discussions"=0 (0x0)
"Btn_Cut"=0 (0x0)
"Btn_Copy"=0 (0x0)
"Btn_Paste"=0 (0x0)
"Btn_Encoding"=0 (0x0)
"Btn_PrintPreview"=0 (0x0)
"NoActiveDesktopChanges"=0 (0x0)
"NoWindowsUpdate"=1 (0x1)

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\ShellExecuteHooks]
"{EC0AF991-8DC2-4762-B1A3-BD3BB3E965EA}"= C:\WINDOWS\system32\hggfcba.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\hggfcba]
hggfcba.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winlbt32]
winlbt32.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Authentication Packages"= msv1_0 C:\WINDOWS\system32\xxwtq.dll

R1 efPktFtr;ENDFORCE Quarantine Filter;\??\C:\WINDOWS\System32\Drivers\efPktFtr.sys
R3 Eacfilt;Eacfilt Miniport;C:\WINDOWS\system32\DRIVERS\eacfilt.sys
R3 IPSECSHM;Nortel IPSECSHM Adapter;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S2 CcmExec;SMS Agent Host;C:\WINDOWS\System32\CCM\CcmExec.exe
S2 dmsmbios;dmsmbios;\??\C:\WINDOWS\system32\dmsmbios.sys
S2 ENDFORCE Agent API;ENDFORCE Agent API;"C:\Program Files\ENDFORCE\AgentAPI.exe"
S2 MSSQL$ADPDB;MSSQL$ADPDB;C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlservr.exe -sADPDB
S2 ntrtscan;OfficeScanNT RealTime Scan;"C:\Program Files\Common Files\Trend Micro\OfficeScan Client\ntrtscan.exe"
S2 tmlisten;OfficeScanNT Listener;"C:\Program Files\Common Files\Trend Micro\OfficeScan Client\tmlisten.exe"
S2 TmPreFilter;Trend Micro PreFilter;\??\C:\Program Files\Common Files\Trend Micro\OfficeScan Client\TmPreFlt.sys
S3 ExtranetAccess;Contivity VPN Service;"C:\Program Files\Nortel Networks\Extranet_serv.exe"
S3 IPSECEXT;Nortel Extranet Access Protocol;C:\WINDOWS\system32\DRIVERS\ipsecw2k.sys
S3 prepdrvr;SMS Process Event Driver;\??\C:\WINDOWS\System32\CCM\prepdrv.sys
S3 RapFile;RapFile;\??\C:\WINDOWS\System32\drivers\RapFile.sys
S3 RapNet;RapNet;\??\C:\WINDOWS\System32\drivers\RapNet.sys
S3 SQLAgent$ADPDB;SQLAgent$ADPDB;C:\Adp\MSDE\MSSQL$ADPDB\Binn\sqlagent.EXE -i ADPDB

*Newly Created Service* - CATCHME
.
Contents of the 'Scheduled Tasks' folder
"2007-05-21 22:09:12 C:\WINDOWS\Tasks\{0DF6210C-1F26-4982-8A35-2507B3162597}_CORP_cw110858.job"
- C:\WINDOWS\system32\mobsync.exe
"2007-05-21 22:09:12 C:\WINDOWS\Tasks\{15DBFB61-EFEF-44F7-A6D3-4438E37DFFAF}_CORP_cw110858.job"
"2007-05-21 22:09:12 C:\WINDOWS\Tasks\{1A11111D-BC4A-4EB8-9C84-6045D648195C}_CORP_cw110858.job"
- C:\WINDOWS\system32\mobsync.exe
"2006-11-29 15:36:00 C:\WINDOWS\Tasks\{20E54687-F6F1-4C72-92E1-699C1B565D99}_CORP_cw110858.job"
"2006-11-29 15:36:00 C:\WINDOWS\Tasks\{2992913E-CE56-45A6-8DE4-3CB0ED1284FF}_CORP_cw110858.job"
"2006-06-05 12:03:41 C:\WINDOWS\Tasks\{2DC2DA56-CF58-48F6-9F67-81A2AAB3EAFD}_CORP_cw110858.job"
- C:\WINDOWS\system32\mobsync.exe
"2006-06-05 12:03:41 C:\WINDOWS\Tasks\{DDC5E260-78FF-4C2E-B102-9C73A2B72F66}_CORP_cw110858.job"
- C:\WINDOWS\system32\mobsync.exe
"2006-06-05 12:03:41 C:\WINDOWS\Tasks\{F09B85A9-6A1C-4597-94EB-6C06464F2FF0}_CORP_cw110858.job"
- C:\WINDOWS\system32\mobsync.exe
"2006-11-29 15:36:00 C:\WINDOWS\Tasks\{F83E0C5C-3BE3-4041-BCBB-63A4213CD050}_CORP_cw110858.job"
- C:\WINDOWS\system32\mobsync.exe
.
**************************************************************************

catchme 0.3.1169 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-10-11 10:11:07
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2007-10-11 10:13:03
.
--- E O F ---



#2 scotishlinks


Posted 12 October 2007 - 07:24 AM

Update!!!
I was able to resolve my issue with the help of another individual who had run into the same problem. I had tried everything just like everyone else, yet I resolved the issue with the recommendations this individual provided. Now, I cannot say this would work for everyone, yet with this nasty one it was worth a shot for me to try. Here is the link that you may try; it takes you to the forum at Atribune.org, which is where you obtain VundoFix.exe and which I know is a good and trustworthy site. Again, I am just providing an alternative and I cannot guarantee this would solve your issue.

http://www.atribune.org/forums/index.php?showtopic=3378





