Vundo Trojan Infection


7 replies to this topic

#1 Vallya

  • Members
  • 4 posts

Posted 05 February 2008 - 12:29 PM

Hello there, I noticed random popups while using Internet Explorer, so I did a bit of reading on this website. I ran SpyBot, Avast virus scanner, and Housecall; none of them found anything. Then I ran ComboFix after following the instructions as stated (log attached), which seemed to have deleted the trojan files. Afterwards, I ran VundoFix, which found nothing. Then I ran Hijackthis (log attached), and there is one particular item that it will not let me delete when I select it; it keeps reappearing.

I tried to boot in safe mode using admin account to edit the registry but a message box popped up saying "Cannot delete. Error while deleting key."

Ran the following programs: SpyBot, Avast virus scanner, Housecall, Hijackthis, ComboFix, VundoFix, and updated Java to current version.

What does this mean? Am I still infected? Any help would be very much appreciated, thank you.

ComboFix Log

ComboFix 08-02.03.1 - User 2008-02-04 11:26:53.1 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2456 [GMT -8:00]
Running from: C:\Documents and Settings\User\My Documents\Downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\nnnnklk.dll
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat
C:\Documents and Settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat
C:\WINDOWS\system32\gebyx.dll
C:\WINDOWS\system32\nnnnklk.dll
C:\WINDOWS\system32\xybeg.ini
C:\WINDOWS\system32\xybeg.ini2

----- BITS: Possible infected sites -----

hxxp://www.download.windowsupdate.com

.
((((((((((((((((((((((((( Files Created from 2008-01-04 to 2008-02-04 )))))))))))))))))))))))))))))))
.

2008-02-03 22:11 . 2008-02-03 23:55 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6
2008-02-03 22:09 . 2008-02-03 22:09 <DIR> d-------- C:\WINDOWS\Sun
2008-02-03 20:19 . 2008-02-03 20:19 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-02 15:04 . 2008-02-03 19:22 6 --a------ C:\WINDOWS\WS_FTP.EXT
2008-02-02 15:04 . 2008-02-03 19:22 0 --a------ C:\WINDOWS\WS_FTP.CNV
2008-02-02 14:26 . 2001-03-15 04:55 101,200 --a------ C:\WINDOWS\system32\pdfshell.dll
2008-02-02 14:26 . 2001-03-15 05:18 65,536 --a------ C:\WINDOWS\system32\adistres.dll
2008-02-02 14:26 . 2001-03-15 05:18 20,584 --a------ C:\WINDOWS\system32\PdfPorts.dll
2008-02-02 14:25 . 2008-02-02 14:25 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-02-02 14:25 . 2008-02-02 14:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\InterTrust
2008-02-02 13:21 . 2008-02-02 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-01 21:53 . 2008-02-02 15:13 <DIR> d-------- C:\Program Files\WS_FTP
2008-02-01 13:23 . 2008-02-01 13:23 <DIR> d-------- C:\Program Files\Micrografx
2008-02-01 13:21 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-01-31 22:25 . 2008-02-01 12:47 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-01-31 22:25 . 2008-01-31 22:25 1,409 --a------ C:\WINDOWS\QTFont.for
2008-01-31 20:06 . 2008-01-31 20:22 <DIR> d-------- C:\Program Files\QTFairUse 6
2008-01-29 00:15 . 2008-01-29 00:15 <DIR> d-------- C:\Program Files\Orbit Downloader
2008-01-29 00:15 . 2008-02-04 11:21 <DIR> d-------- C:\Documents and Settings\User\Application Data\Orbit
2008-01-16 18:36 . 2008-01-16 18:36 <DIR> d-------- C:\Program Files\Maxthon
2008-01-16 11:51 . 2008-01-16 11:51 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-16 11:51 . 2008-01-16 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-15 00:14 . 2008-01-15 00:14 168 --a------ C:\WINDOWS\hpipcopy.INI
2008-01-15 00:08 . 2001-08-17 22:36 89,088 --a------ C:\WINDOWS\system32\hpgt33.dll
2008-01-15 00:08 . 2001-08-17 22:36 89,088 --a------ C:\WINDOWS\system32\dllcache\hpgt33.dll
2008-01-15 00:08 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-15 00:08 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-15 00:08 . 2001-08-17 22:36 48,128 --a------ C:\WINDOWS\system32\hpgt33tk.dll
2008-01-15 00:08 . 2001-08-17 22:36 48,128 --a------ C:\WINDOWS\system32\dllcache\hpgt33tk.dll
2008-01-15 00:08 . 2001-08-17 22:36 32,768 --a------ C:\WINDOWS\system32\hpgtmcro.dll
2008-01-15 00:08 . 2001-08-17 22:36 32,768 --a------ C:\WINDOWS\system32\dllcache\hpgtmcro.dll
2008-01-15 00:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-15 00:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-15 00:05 . 1993-07-22 23:00 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2008-01-15 00:03 . 2008-01-15 00:39 1,080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-01-15 00:02 . 2008-01-15 00:02 <DIR> d-------- C:\Documents and Settings\User\WINDOWS
2008-01-10 10:47 . 2008-01-10 10:47 <DIR> d-------- C:\WINDOWS\Cache
2008-01-10 10:47 . 2008-02-03 21:03 <DIR> d-------- C:\Program Files\Coupons
2008-01-10 10:47 . 2008-01-27 20:28 193,880 -rah----- C:\WINDOWS\system32\cpnprt2.cid

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-03 08:17 --------- d-----w C:\Program Files\Metapad
2008-02-02 23:31 --------- d-----w C:\Documents and Settings\User\Application Data\uTorrent
2008-02-02 22:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-31 06:44 --------- d-----w C:\Program Files\7-Zip
2008-01-29 08:59 --------- d-----w C:\Program Files\DivX
2008-01-26 05:59 --------- d-----w C:\Documents and Settings\User\Application Data\DVD Flick
2008-01-26 05:07 --------- d-----w C:\Program Files\SpeedFan
2008-01-23 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-16 19:44 --------- d-----w C:\Program Files\GetRight
2008-01-15 08:40 --------- d-----w C:\Program Files\HP
2008-01-15 08:23 --------- d--h--w C:\Program Files\Hewlett-Packard
2008-01-15 07:23 --------- d-----w C:\Documents and Settings\User\Application Data\LimeWire
2007-12-28 00:37 --------- d-----w C:\Program Files\Notepad++
2007-12-27 04:36 --------- d-----w C:\Program Files\IsoBuster
2007-12-24 23:06 --------- d--h--w C:\Program Files\Java
2007-12-24 23:06 --------- d-----w C:\Program Files\LimeWire
2007-12-24 23:05 --------- d-----w C:\Program Files\Common Files\Java
2007-12-22 10:16 --------- d--h--w C:\Program Files\iPod
2007-12-22 10:16 --------- d-----w C:\Program Files\iTunes
2007-12-22 09:08 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2007-12-21 02:13 --------- d-----w C:\Documents and Settings\User\Application Data\dvdcss
2007-12-20 08:35 --------- d-----w C:\Documents and Settings\User\Application Data\ImgBurn
2007-12-20 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-20 02:41 --------- d-----w C:\Program Files\QuickTime
2007-12-19 17:13 --------- d-----w C:\Documents and Settings\User\Application Data\MenuShrink
2007-12-19 04:35 --------- d-----w C:\Program Files\DVD Shrink
2007-12-19 04:33 --------- d-----w C:\Program Files\DVD Identifier
2007-12-19 04:25 --------- d-----w C:\Program Files\DVD Decrypter
2007-12-19 02:31 24,014 ----a-r C:\WINDOWS\Handlers 12-18-07.reg
2007-12-18 07:12 --------- d-----w C:\Program Files\Common Files\Seagate
2007-12-18 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Seagate
2007-12-18 07:00 392,320 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2007-12-18 07:00 32,768 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-12-18 07:00 120,992 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2007-12-17 19:06 --------- d-----w C:\Documents and Settings\User\Application Data\Image Zone Express
2007-12-15 22:55 --------- d-----w C:\Program Files\DVD Flick
2007-12-12 19:09 --------- d-----w C:\Program Files\mp3DirectCut
2007-12-11 03:28 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2007-12-11 03:22 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2007-12-09 18:34 --------- d--h--w C:\Program Files\MSXML 4.0
2007-12-09 02:57 --------- d-----w C:\Documents and Settings\User\Application Data\Ahead
2007-12-09 02:54 --------- d--h--w C:\Program Files\InstallShield Installation Information
2007-12-09 02:54 --------- d--h--w C:\Program Files\CyberLink
2007-12-09 02:29 --------- d-----w C:\Program Files\Nero
2007-12-08 19:56 --------- d-----w C:\Program Files\NeoSmart Technologies
2007-12-08 19:09 57,235,286 ----a-r C:\WINDOWS\BACKUP 12-08-07.reg
2007-12-07 22:21 --------- d-----w C:\Program Files\ContextEdit
2007-12-07 07:38 --------- d-----w C:\Program Files\ShellExView
2007-12-07 03:55 --------- d-----w C:\Program Files\Alwil Software
2007-12-07 03:09 --------- d-----w C:\Documents and Settings\User\Application Data\Notepad++
2007-12-06 07:06 --------- d-----w C:\Documents and Settings\User\Application Data\HP
2007-12-06 07:05 --------- d-----w C:\Program Files\Common Files\HP
2007-12-06 07:04 --------- d-----w C:\Documents and Settings\All Users\Application Data\HP
2007-12-06 06:22 --------- d-----w C:\Documents and Settings\User\Application Data\vlc
2007-12-06 06:18 --------- d-----w C:\Program Files\VideoLAN
2007-12-06 06:09 --------- d-----w C:\Program Files\MRU-Blaster
2007-12-06 06:07 --------- d-----w C:\Program Files\RegSeeker
2007-12-06 05:59 --------- d-----w C:\Program Files\Illustrate
2007-12-06 05:35 --------- d-----w C:\Program Files\Jasc Software Inc
2007-12-06 05:34 --------- d-----w C:\Program Files\CCleaner
2007-12-06 05:00 --------- d-----w C:\Program Files\CPU-Z-142
2007-12-06 04:52 --------- d-----w C:\Documents and Settings\All Users\Application Data\Yahoo!
2007-12-06 04:45 --------- d-----w C:\Program Files\Quintessential Player
2007-12-06 04:43 --------- d--h--w C:\Program Files\Microsoft.NET
2007-12-06 04:43 --------- d--h--w C:\Program Files\Microsoft ActiveSync
2007-12-06 04:35 --------- d-----w C:\Program Files\uTorrent
2007-12-06 04:21 --------- d-----w C:\Program Files\v
2007-12-06 04:10 --------- d-----w C:\Program Files\Yahoo!
2007-12-06 03:50 --------- d-----w C:\Documents and Settings\User\Application Data\Talkback
2007-12-06 03:42 --------- d-----w C:\Program Files\1by1
2007-12-04 14:56 93,264 ----a-w C:\WINDOWS\system32\drivers\aswmon.sys
2007-12-04 14:55 94,544 ----a-w C:\WINDOWS\system32\drivers\aswmon2.sys
2007-12-04 14:53 23,152 ----a-w C:\WINDOWS\system32\drivers\aswRdr.sys
2007-12-04 14:51 42,912 ----a-w C:\WINDOWS\system32\drivers\aswTdi.sys
2007-12-04 14:49 26,624 ----a-w C:\WINDOWS\system32\drivers\aavmker4.sys
2007-11-28 20:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-20 19:35 8,646,776 ----a-w C:\WINDOWS\Q890830.EXE
2007-11-20 19:35 3,109,928 ----a-w C:\WINDOWS\Q943460.EXE
2004-12-01 04:21 294,912 ----a-w C:\Program Files\MP3TagEd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{368FE424-1C5E-4AE8-AA4E-2A46AB2C6CB8}]

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{9AA57522-2ECD-47DF-BD38-20E7E577A464}]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 12:52 16841216 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\nnnnklk]
nnnnklk.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

R2 TTFixerService;NST ToolTipFixer;"C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe" [2007-06-26 21:20]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-04-03 13:06]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-04 11:32:00
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\Program Files\1by1\1by1.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
.
**************************************************************************
.
Completion time: 2008-02-04 11:33:34 - machine was rebooted
ComboFix-quarantined-files.txt 2008-02-04 19:33:31
.
2008-01-10 07:31:29 --- E O F ---

Hijackthis Log

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:21:21 PM, on 2/4/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\1by1\1by1.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\HiJackThis\HiJackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O2 - BHO: bho2gr Class - {31FF080D-12A3-439A-A2EF-4BA95A3148E8} - C:\Program Files\GetRight\xx2gr.dll
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - Startup: 1by1.lnk = C:\Program Files\1by1\1by1.exe
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187214079781
O20 - Winlogon Notify: nnnnklk - nnnnklk.dll (file missing)
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

--
End of file - 3232 bytes


#2 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 15 February 2008 - 05:18 AM

Welcome to the BleepingComputer HijackThis Logs and Analysis forum, Vallya.
My name is Richie and I'll be helping you to fix your problems.

If you have previously downloaded ComboFix, please delete that version now.
Warning
You should NOT use Combofix unless you have been instructed to do so by a Malware Removal Expert.
It is intended by its creator to be used under the guidance and supervision of an expert, NOT for private use.

Now download Combofix by sUBs and save to your desktop.
Alternative Combofix download link HERE.
Note
It is important that it is saved directly to your desktop.

Do not run it just yet.

Now please go here and follow the instructions to install the Recovery Console:
http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Now close any open browsers.
Double click on Combofix.exe and follow the prompts.
When it's finished it will produce a log.
Post the entire contents of C:\ComboFix.txt into your next reply.
Note
Do not mouseclick combofix's window or do anything else on your pc while it's running.
That may cause the program to freeze/hang.

Do NOT post the ComboFix-quarantined-files.txt unless I ask.
Note
In case your Antivirus or any other realtime scanner is displaying an alert after you downloaded Combofix or while you use Combofix, please disable your scanner and redownload Combofix again.
Some scanners may see some combofix related components as suspicious and block or delete them while there's nothing wrong with them.

Also post a new Hijackthis log please.

#3 Vallya

  • Topic Starter

  • Members
  • 4 posts

Posted 15 February 2008 - 10:27 AM

Hello, thanks for your help. Here are my logs:

ComboFix 08-02-15.2 - User 2008-02-15 7:21:27.6 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.2548 [GMT -8:00]
Running from: C:\Documents and Settings\User\Desktop\ComboFix.exe
.

((((((((((((((((((((((((( Files Created from 2008-01-15 to 2008-02-15 )))))))))))))))))))))))))))))))
.

2008-02-15 07:18 . 2006-03-15 02:00 388,608 --a------ C:\kmd.exe
2008-02-09 23:43 . 2008-02-14 10:27 <DIR> d-------- C:\Program Files\Soulseek
2008-02-08 15:42 . 2008-02-08 15:42 <DIR> d-------- C:\Documents and Settings\User\Application Data\HouseCall 6.6
2008-02-06 00:09 . 2008-02-06 00:09 <DIR> d-------- C:\Program Files\Sun
2008-02-06 00:08 . 2007-12-14 01:59 69,632 --a------ C:\WINDOWS\system32\javacpl.cpl
2008-02-06 00:06 . 2008-02-06 00:08 <DIR> d-------- C:\Program Files\Java
2008-02-06 00:04 . 2008-02-06 00:04 <DIR> d-------- C:\Program Files\Common Files\Java
2008-02-05 22:47 . 2008-02-05 22:47 80,718,996 --a------ C:\WINDOWS\BACKUP 02-05-08.reg
2008-02-05 17:47 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2008-02-05 17:47 . 2001-08-17 13:48 12,160 --a------ C:\WINDOWS\system32\dllcache\mouhid.sys
2008-02-04 19:30 . 2008-02-04 19:31 76,096,504 --a------ C:\WINDOWS\BACKUP 02-04-08.reg
2008-02-03 22:11 . 2008-02-14 10:56 <DIR> d-------- C:\Documents and Settings\User\.housecall6.6
2008-02-03 22:09 . 2008-02-03 22:09 <DIR> d-------- C:\WINDOWS\Sun
2008-02-03 20:19 . 2008-02-03 20:19 <DIR> d-------- C:\WINDOWS\system32\LogFiles
2008-02-02 15:04 . 2008-02-03 19:22 6 --a------ C:\WINDOWS\WS_FTP.EXT
2008-02-02 15:04 . 2008-02-03 19:22 0 --a------ C:\WINDOWS\WS_FTP.CNV
2008-02-02 14:26 . 2001-03-15 04:55 101,200 --a------ C:\WINDOWS\system32\pdfshell.dll
2008-02-02 14:26 . 2001-03-15 05:18 65,536 --a------ C:\WINDOWS\system32\adistres.dll
2008-02-02 14:26 . 2001-03-15 05:18 20,584 --a------ C:\WINDOWS\system32\PdfPorts.dll
2008-02-02 14:25 . 2008-02-02 14:25 <DIR> d-------- C:\WINDOWS\system32\Adobe
2008-02-02 14:25 . 2008-02-02 14:25 <DIR> d-------- C:\Documents and Settings\User\Application Data\InterTrust
2008-02-02 13:21 . 2008-02-02 13:21 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-02-01 21:53 . 2008-02-02 15:13 <DIR> d-------- C:\Program Files\WS_FTP
2008-02-01 13:23 . 2008-02-01 13:23 <DIR> d-------- C:\Program Files\Micrografx
2008-02-01 13:21 . 1996-11-05 16:13 299,008 --a------ C:\WINDOWS\uninst.exe
2008-01-31 20:06 . 2008-01-31 20:22 <DIR> d-------- C:\Program Files\QTFairUse 6
2008-01-29 00:15 . 2008-01-29 00:15 <DIR> d-------- C:\Program Files\Orbit Downloader
2008-01-29 00:15 . 2008-02-08 02:06 <DIR> d-------- C:\Documents and Settings\User\Application Data\Orbit
2008-01-16 18:36 . 2008-01-16 18:36 <DIR> d-------- C:\Program Files\Maxthon
2008-01-16 11:51 . 2008-02-04 20:06 <DIR> d-------- C:\Program Files\Common Files\Ahead
2008-01-16 11:51 . 2008-01-16 11:51 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Nero
2008-01-15 00:14 . 2008-01-15 00:14 168 --a------ C:\WINDOWS\hpipcopy.INI
2008-01-15 00:08 . 2001-08-17 22:36 89,088 --a------ C:\WINDOWS\system32\hpgt33.dll
2008-01-15 00:08 . 2001-08-17 22:36 89,088 --a------ C:\WINDOWS\system32\dllcache\hpgt33.dll
2008-01-15 00:08 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\wiafbdrv.dll
2008-01-15 00:08 . 2001-08-17 22:36 87,040 --a------ C:\WINDOWS\system32\dllcache\wiafbdrv.dll
2008-01-15 00:08 . 2001-08-17 22:36 48,128 --a------ C:\WINDOWS\system32\hpgt33tk.dll
2008-01-15 00:08 . 2001-08-17 22:36 48,128 --a------ C:\WINDOWS\system32\dllcache\hpgt33tk.dll
2008-01-15 00:08 . 2001-08-17 22:36 32,768 --a------ C:\WINDOWS\system32\hpgtmcro.dll
2008-01-15 00:08 . 2001-08-17 22:36 32,768 --a------ C:\WINDOWS\system32\dllcache\hpgtmcro.dll
2008-01-15 00:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\drivers\usbscan.sys
2008-01-15 00:08 . 2004-08-03 22:58 15,104 --a------ C:\WINDOWS\system32\dllcache\usbscan.sys
2008-01-15 00:05 . 1993-07-22 23:00 210,944 --a------ C:\WINDOWS\system32\Msvcrt10.dll
2008-01-15 00:03 . 2008-01-15 00:39 1,080 --a------ C:\WINDOWS\AUTOLNCH.REG
2008-01-15 00:02 . 2008-01-15 00:02 <DIR> d-------- C:\Documents and Settings\User\WINDOWS

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-02-15 15:09 --------- d-----w C:\Documents and Settings\User\Application Data\uTorrent
2008-02-13 05:58 --------- d-----w C:\Program Files\Metapad
2008-02-05 19:58 --------- d-----w C:\Program Files\GetRight
2008-02-05 04:03 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-02-02 22:25 --------- d-----w C:\Program Files\Common Files\Adobe
2008-01-29 08:59 --------- d-----w C:\Program Files\DivX
2008-01-26 05:59 --------- d-----w C:\Documents and Settings\User\Application Data\DVD Flick
2008-01-26 05:07 --------- d-----w C:\Program Files\SpeedFan
2008-01-23 08:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-01-15 08:40 --------- d-----w C:\Program Files\HP
2008-01-15 08:23 --------- d--h--w C:\Program Files\Hewlett-Packard
2007-12-28 00:37 --------- d-----w C:\Program Files\Notepad++
2007-12-27 04:36 --------- d-----w C:\Program Files\IsoBuster
2007-12-22 10:16 --------- d--h--w C:\Program Files\iPod
2007-12-22 10:16 --------- d-----w C:\Program Files\iTunes
2007-12-22 09:08 --------- d-----w C:\Documents and Settings\User\Application Data\Apple Computer
2007-12-21 02:13 --------- d-----w C:\Documents and Settings\User\Application Data\dvdcss
2007-12-20 08:35 --------- d-----w C:\Documents and Settings\User\Application Data\ImgBurn
2007-12-20 02:42 --------- d-----w C:\Documents and Settings\All Users\Application Data\Apple Computer
2007-12-20 02:41 --------- d-----w C:\Program Files\QuickTime
2007-12-19 17:13 --------- d-----w C:\Documents and Settings\User\Application Data\MenuShrink
2007-12-19 04:35 --------- d-----w C:\Program Files\DVD Shrink
2007-12-19 04:33 --------- d-----w C:\Program Files\DVD Identifier
2007-12-19 04:25 --------- d-----w C:\Program Files\DVD Decrypter
2007-12-19 02:31 24,014 ----a-r C:\WINDOWS\Handlers 12-18-07.reg
2007-12-18 07:12 --------- d-----w C:\Program Files\Common Files\Seagate
2007-12-18 07:03 --------- d-----w C:\Documents and Settings\All Users\Application Data\Seagate
2007-12-18 07:00 392,320 ----a-w C:\WINDOWS\system32\drivers\timntr.sys
2007-12-18 07:00 32,768 ----a-w C:\WINDOWS\system32\drivers\tifsfilt.sys
2007-12-18 07:00 120,992 ----a-w C:\WINDOWS\system32\drivers\snapman.sys
2007-12-17 19:06 --------- d-----w C:\Documents and Settings\User\Application Data\Image Zone Express
2007-12-15 22:55 --------- d-----w C:\Program Files\DVD Flick
2007-12-08 19:09 57,235,286 ----a-r C:\WINDOWS\BACKUP 12-08-07.reg
2007-12-08 07:20 133,632 ----a-w C:\WINDOWS\system32\SpoonUninstall.exe
2007-12-04 13:04 837,496 ----a-w C:\WINDOWS\system32\aswBoot.exe
2007-12-04 12:54 95,608 ----a-w C:\WINDOWS\system32\AvastSS.scr
2007-11-29 22:30 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2007-11-29 22:30 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2007-11-28 20:21 315,392 ----a-w C:\WINDOWS\HideWin.exe
2007-11-20 19:35 8,646,776 ----a-w C:\WINDOWS\Q890830.EXE
2007-11-20 19:35 3,109,928 ----a-w C:\WINDOWS\Q943460.EXE
2004-12-01 04:21 294,912 ----a-w C:\Program Files\MP3TagEd.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SpybotSD TeaTimer"="C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe" [2007-08-31 16:46 1460560]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"RTHDCPL"="RTHDCPL.EXE" [2007-09-03 12:52 16841216 C:\WINDOWS\RTHDCPL.exe]
"avast!"="C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe" [2007-12-04 05:00 79224]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{FBF23B40-E3F0-101B-8488-00AA003E56F8}"= shdocvw.dll [ ]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"Ati HotKey Poller"=2 (0x2)

S2 TTFixerService;NST ToolTipFixer;"C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe" [2007-06-26 21:20]
S3 AN983;ADMtek AN983/AN985/ADM951X 10/100Mbps Fast Ethernet Adapter;C:\WINDOWS\system32\DRIVERS\AN983.sys [2002-04-03 13:06]

.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-02-15 07:21:49
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-02-15 7:22:07
ComboFix-quarantined-files.txt 2008-02-15 15:21:59
ComboFix2.txt 2008-02-15 15:11:32
.
2008-01-10 07:31:29 --- E O F ---



Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 7:25:38 AM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\RTHDCPL.EXE
C:\WINDOWS\explorer.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: 1by1.lnk = C:\Program Files\1by1\1by1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187214079781
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

--
End of file - 2630 bytes

#4 RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 15 February 2008 - 10:37 AM

Download ATF Cleaner by Atribune:
http://www.atribune.org/ccount/click.php?id=1
Do not run it just yet.

Download\install 'SuperAntiSpyware Home Edition Free Version' from here:
http://www.superantispyware.com/downloadfi...ANTISPYWAREFREE

Launch SuperAntiSpyware and click on 'Check for updates'.
Once the updates have been installed, exit SuperAntiSpyware.
Do not run it just yet.

Now double-click ATF-Cleaner.exe to run the program.
Click 'Select All' found at the bottom of the list.
Click the 'Empty Selected' button.

If you use Firefox browser, do this also:
Click Firefox at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.

If you use Opera browser, do this also:
Click Opera at the top and choose 'Select All' from the list.
Click the 'Empty Selected' button.
NOTE:
If you would like to keep your saved passwords, please click 'No' at the prompt.
Click 'Exit' on the Main menu to close the program.

Now Start SuperAntiSpyware.
On the main screen click on 'Scan your computer'.
Check: 'Perform Complete Scan'.
Click 'Next' to start the scan.

SuperAntiSpyware will now scan your computer; when it's finished, it will list all/any infections found.
Make sure everything found has a checkmark next to it, then press 'Next'.
Click on 'Finish' when you've done.

It's possible that the program will ask you to reboot in order to delete some files.

Obtain the SuperAntiSpyware log as follows:
Click on 'Preferences'.
Click on the 'Statistics/Logs' tab.
Under 'Scanner Logs' double click on 'SuperAntiSpyware Scan Log'.
It will then open in your default text editor, such as Notepad.
Copy and paste the contents of that report into your next reply.


Run F-Secure Online Scanner.
Note:
This scanner is for Internet Explorer only.
* Click on Online Services and then Online Scanner.
* Accept the License Agreement.
* Once the ActiveX installs, click Full System Scan.
* Once the download completes, the scan will begin automatically.
* The scan will take some time to finish, so please be patient.
* When the scan completes, click the Automatic cleaning (recommended) button.
* Click the Show Report button then copy and paste the entire report into your next reply.

Also post a new HijackThis log, and let me know how your PC is running now.

#5 Vallya

Vallya
  • Topic Starter

  • Members
  • 4 posts

Posted 15 February 2008 - 01:34 PM

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 02/15/2008 at 08:01 AM

Application Version : 3.9.1008

Core Rules Database Version : 3403
Trace Rules Database Version: 1395

Scan type : Complete Scan
Total Scan Time : 00:16:24

Memory items scanned : 366
Memory threats detected : 0
Registry items scanned : 5523
Registry threats detected : 0
File items scanned : 25186
File threats detected : 2

Adware.Tracking Cookie
C:\Documents and Settings\Default User\Cookies\administrator@2o7[1].txt
C:\WINDOWS\system32\config\systemprofile\Cookies\administrator@2o7[1].txt


F-Secure Online
Scanning Report

Friday, February 15, 2008 10:02:25 - 10:27:13

Computer name: PREFERRE-68CBC5
Scanning type: Scan system for viruses, rootkits, spyware
Target: C:\
Result: 1 malware found
Tracking Cookie (spyware)

* System

Statistics
Scanned:

* Files: 27376
* System: 3981
* Not scanned: 3

Actions:

* Disinfected: 0
* Renamed: 0
* Deleted: 0
* None: 1
* Submitted: 0

Files not scanned:

* C:\PAGEFILE.SYS
* C:\WINDOWS\SYSTEM32\CONFIG\DEFAULT
* C:\RECYCLER\S-1-5-21-1709686313-4116709966-2981021717-1005\DC1.EXE


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:33:36 AM, on 2/15/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
C:\Program Files\Alwil Software\Avast4\ashServ.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe
C:\WINDOWS\RTHDCPL.EXE
C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\1by1\1by1.exe
C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Program Files\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://windowsupdate.microsoft.com/
O4 - HKLM\..\Run: [RTHDCPL] RTHDCPL.EXE
O4 - HKLM\..\Run: [avast!] C:\PROGRA~1\ALWILS~1\Avast4\ashDisp.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] "C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe"
O4 - Startup: 1by1.lnk = C:\Program Files\1by1\1by1.exe
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O16 - DPF: {0B79F48A-E8D6-11DB-9283-E25056D89593} (F-Secure Online Scanner 3.1) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1187214079781
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Acronis Scheduler2 Service (AcrSch2Svc) - Acronis - C:\Program Files\Common Files\Seagate\Schedule2\schedul2.exe
O23 - Service: avast! iAVS4 Control Service (aswUpdSv) - ALWIL Software - C:\Program Files\Alwil Software\Avast4\aswUpdSv.exe
O23 - Service: avast! Antivirus - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashServ.exe
O23 - Service: avast! Mail Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashMaiSv.exe
O23 - Service: avast! Web Scanner - ALWIL Software - C:\Program Files\Alwil Software\Avast4\ashWebSv.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: NMIndexingService - Nero AG - C:\Program Files\Common Files\Ahead\Lib\NMIndexingService.exe
O23 - Service: NST ToolTipFixer (TTFixerService) - NeoSmart Technologies - C:\Program Files\NeoSmart Technologies\ToolTipFixer\ToolTipFixer.exe

--
End of file - 3229 bytes

#6 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 15 February 2008 - 07:06 PM

Your HijackThis log is clean. How's your PC running now, please?

#7 Vallya

Vallya
  • Topic Starter

  • Members
  • 4 posts

Posted 16 February 2008 - 01:58 AM

The computer seems to be running well, no pop ups. Is it safe to delete Combofix's folders and files?

#8 RichieUK

RichieUK

    Malware Assassin


  • Malware Response Team
  • 13,614 posts

Posted 16 February 2008 - 03:20 AM

Your log is clean :thumbsup:, please do the following:

Click on Start/Run, copy and paste ComboFix /u into the 'Open:' space, then press OK.
This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

You should take the time to read and follow the information found in the links below, to help you prevent any possible future infections and stay safe and secure while online:

Simple and easy ways to keep your computer safe and secure on the Internet:
http://www.bleepingcomputer.com/tutorials/keep-your-computer-safe-online/

How to prevent Malware:
http://users.telenet.be/bluepatchy/miekiem...prevention.html

So how did I get infected in the first place:
http://forums.spybot.info/showthread.php?t=279

Malware Cleanup Programs and Preventative Procedures:
http://russelltexas.com/malware/allclear.htm

Hardening Windows Security - Part 1:
http://www.malwarehelp.org/Malware-Prevent...-Security1.html

Hardening Windows Security - Part 2:
http://www.malwarehelp.org/malware-prevent...-security2.html