Red X On C/drive


  • This topic is locked
2 replies to this topic

#1 Splinket

Splinket

  • Members
  • 1 posts
  • OFFLINE
  •  
  • Local time:01:47 AM

Posted 07 March 2008 - 05:42 PM

Hello - Can someone please HELP!

My laptop was getting very slow & lagging a lot. I had well over 20,000 POS.tmp files in my C: drive and My Documents folder. I have deleted about 8000 or so; the rest I can't delete. Also, every minute or so I get a fake system error asking me to "caution your system blah blah popups would you like to clean it up yes or no". I get popups and it was annoying and SLOW.

I've since run ComboFix (this morning); that has helped a lot, but there is still a red X on the C drive.

The log from ComboFix reads:

ComboFix 08-03-07.1 - Samuel Cawthorn 2008-03-08 3:34:39.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.445 [GMT 11:00]
Running from: C:\Documents and Settings\Samuel Cawthorn\Desktop\ComboFix.exe
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.


----- BITS: Possible infected sites -----

hxxp://au.download.winġj
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\nm


((((((((((((((((((((((((( Files Created from 2008-02-07 to 2008-03-07 )))))))))))))))))))))))))))))))
.

2008-03-07 15:40 . 2008-03-07 15:40 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-03-07 15:40 . 2008-03-07 15:40 1,409 --a------ C:\WINDOWS\QTFont.for
2008-03-05 08:12 . 2008-03-05 08:12 0 --a--c--- C:\LOG13E2.tmp
2008-03-05 07:43 . 2008-03-05 07:43 0 --a--c--- C:\LOGE4D.tmp
2008-03-05 07:42 . 2008-03-05 08:12 <DIR> d-------- C:\Documents and Settings\Be Motivated\Application Data\U3
2008-03-05 00:03 . 2008-03-05 00:05 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-03-05 00:00 . 2008-03-05 00:00 <DIR> d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d-------- C:\Program Files\SourceTec
2008-03-03 21:59 . 2008-03-03 21:59 <DIR> d-------- C:\Program Files\Common Files\SourceTec
2008-03-02 23:17 . 2008-03-02 23:17 <DIR> d-------- C:\Documents and Settings\Be Motivated\Application Data\Apple Computer
2008-03-02 17:44 . 2008-03-02 17:46 <DIR> d-------- C:\Documents and Settings\Be Motivated\Contacts
2008-02-28 07:28 . 2008-02-28 07:28 37,376 -ra------ C:\WINDOWS\mrofinu1535.exe
2008-02-27 14:22 . 2008-03-08 03:28 25,662 ---hs---- C:\WINDOWS\system32\diamhpch.dllbox
2008-02-24 11:37 . 2008-02-24 11:37 0 --a--c--- C:\LOGB6.tmp
2008-02-22 14:23 . 2008-02-22 14:23 <DIR> d-------- C:\Program Files\Common Files\Apple
2008-02-20 20:45 . 2008-02-20 20:47 <DIR> d-------- C:\Program Files\Macromedia
2008-02-20 20:45 . 2008-02-20 20:50 <DIR> d-------- C:\Program Files\Common Files\Macromedia
2008-02-17 14:20 . 2008-02-17 14:20 0 --a--c--- C:\LOGFB.tmp
2008-02-17 14:19 . 2008-02-24 11:43 <DIR> d-------- C:\Documents and Settings\Samuel Cawthorn\Application Data\U3
2008-02-15 21:51 . 2008-02-15 22:24 <DIR> d-------- C:\WINDOWS\SxsCaPendDel
2008-02-11 21:56 . 2008-02-22 14:33 <DIR> d-------- C:\Program Files\iTunes
2008-02-11 21:48 . 2008-02-11 21:50 <DIR> d-------- C:\Program Files\QuickTime
2008-02-07 18:00 . 2008-02-07 18:00 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Dell

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-03-07 13:59 --------- d-----w C:\Documents and Settings\Samuel Cawthorn\Application Data\Skype
2008-03-06 06:44 --------- d-----w C:\Program Files\Dl_cats
2008-03-02 06:53 --------- d-----w C:\Documents and Settings\Be Motivated\Application Data\Gtek
2008-03-02 06:46 --------- d-----w C:\Documents and Settings\Be Motivated\Application Data\McAfee.com Personal Firewall
2008-02-22 03:32 --------- d-----w C:\Program Files\iPod
2008-02-21 11:30 --------- d-----w C:\Program Files\Common Files\Adobe
2008-02-20 07:21 --------- d-----w C:\Documents and Settings\Samuel Cawthorn\Application Data\BitTorrent
2008-02-15 10:55 --------- d-----w C:\Program Files\Java
2008-02-03 12:44 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-01-31 10:16 --------- d-----w C:\Program Files\UltimateBet
2008-01-21 11:27 --------- d-----w C:\Documents and Settings\Samuel Cawthorn\Application Data\McAfee.com Personal Firewall
2008-01-15 12:51 --------- d-----w C:\Program Files\Thecus
2007-10-18 11:19 176,128 ----a-w C:\Program Files\iT
2007-04-13 05:33 56,912 ----a-w C:\Documents and Settings\Samuel Cawthorn\g2mdlhlpx.exe
2007-01-27 06:33 2,354 ----a-w C:\Documents and Settings\Samuel Cawthorn\Application Data\SAS7_000.DAT
.
Files Infected - Win32.Agent.zb
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"msnmsgr"="C:\Program Files\MSN Messenger\MsnMsgr.exe" [2007-01-19 12:54 5674352]
"MSMSGS"="C:\Program Files\Messenger\msmsgs.exe" [2004-10-14 03:24 1694208]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 11:28 139264]
"Skype"="C:\Program Files\Skype\Phone\Skype.exe" [2006-12-18 17:32 25365032]
"BitTorrent"="C:\Program Files\BitTorrent\bittorrent.exe" [2007-09-08 10:01 43008]
"H/PC Connection Agent"="C:\Program Files\Microsoft ActiveSync\wcescomm.exe" [2005-11-15 19:44 1200128]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:00 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"igfxtray"="C:\WINDOWS\system32\igfxtray.exe" [2005-12-13 19:44 98304]
"igfxhkcmd"="C:\WINDOWS\system32\hkcmd.exe" [2005-12-13 19:41 77824]
"igfxpers"="C:\WINDOWS\system32\igfxpers.exe" [2005-12-13 19:45 118784]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.exe" [2004-08-04 08:00 208952]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 08:00 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.exe" [2004-08-04 08:00 455168]
"IntelZeroConfig"="C:\Program Files\Intel\Wireless\bin\ZCfgSvc.exe" [2005-12-28 14:55 667718]
"IntelWireless"="C:\Program Files\Intel\Wireless\Bin\ifrmewrk.exe" [2005-12-28 14:56 602182]
"SigmatelSysTrayApp"="stsystra.exe" [2006-03-24 19:30 282624 C:\WINDOWS\stsystra.exe]
"ISUSPM Startup"="C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\ISUSPM.exe" [ ]
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" [2005-02-16 16:15 81920]
"VSOCheckTask"="C:\PROGRA~1\McAfee.com\VSO\mcmnhdlr.exe" [2005-07-08 19:18 151552]
"OASClnt"="C:\Program Files\McAfee.com\VSO\oasclnt.exe" [2005-08-12 01:02 53248]
"MCAgentExe"="c:\PROGRA~1\mcafee.com\agent\mcagent.exe" [2005-09-22 19:29 303104]
"MCUpdateExe"="c:\PROGRA~1\mcafee.com\agent\mcupdate.exe" [2006-01-11 13:05 212992]
"MSKDetectorExe"="C:\PROGRA~1\McAfee\SPAMKI~1\MSKDetct.exe" [2006-11-07 14:49 1121280]
"MSKAGENTEXE"="C:\PROGRA~1\McAfee\SPAMKI~1\MskAgent.exe" [2005-09-26 11:26 110592]
"VirusScan Online"="C:\Program Files\McAfee.com\VSO\mcvsshld.exe" [2005-08-10 15:49 163840]
"MPFExe"="C:\PROGRA~1\McAfee.com\PERSON~1\MpfTray.exe" [2005-11-11 18:00 1005096]
"DLCCCATS"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\DLCCtime.dll" [2005-09-13 20:50 73728]
"ZSSnp211"="C:\WINDOWS\ZSSnp211.exe" [2006-08-08 18:05 49152]
"Domino"="C:\WINDOWS\Domino.exe" [2006-07-04 14:16 49152]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2008-01-31 23:13 385024]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe" [2007-09-25 01:11 132496]
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [2008-01-11 22:16 39792]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-02-19 13:10 267048]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=pushow52.dll

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Bluetooth.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Bluetooth.lnk
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Dell Network Assistant.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Dell Network Assistant.lnk
backup=C:\WINDOWS\pss\Dell Network Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Digital Line Detect.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Digital Line Detect.lnk
backup=C:\WINDOWS\pss\Digital Line Detect.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=C:\Documents and Settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=C:\WINDOWS\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^Samuel Cawthorn^Start Menu^Programs^Startup^LimeWire On Startup.lnk]
path=C:\Documents and Settings\Samuel Cawthorn\Start Menu\Programs\Startup\LimeWire On Startup.lnk
backup=C:\WINDOWS\pss\LimeWire On Startup.lnkStartup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Dell QuickSet]
--a------ 2006-04-06 17:58 1032192 C:\Program Files\Dell\QuickSet\quickset.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DellSupport]
C:\Program Files\Dell Support\DSAgnt.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dla]
C:\WINDOWS\system32\dla\tfswctrl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\dlccmon.exe]
--a------ 2005-10-20 22:40 430080 C:\Program Files\Dell Photo AIO Printer 924\dlccmon.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DMXLauncher]
--a------ 2005-01-27 04:02 86016 C:\Program Files\Dell\Media Experience\DMXLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DNS7reminder]
C:\Program Files\Nuance\NaturallySpeaking9\Program\ereg.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\DVDLauncher]
--------- 2005-12-09 23:29 49152 C:\Program Files\CyberLink\PowerDVD\DVDLauncher.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Google Desktop Search]
--a------ 2006-08-16 08:38 169984 C:\Program Files\Google\Google Desktop Search\GoogleDesktop.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
--a------ 2008-02-19 13:10 267048 C:\Program Files\iTunes\iTunesHelper.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2006-01-12 16:40 155648 C:\Program Files\Common Files\Ahead\Lib\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Norton Ghost 10.0]
C:\Program Files\Norton Ghost\Agent\GhostTray.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-01-31 23:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
C:\Program Files\Real\RealPlayer\RealPlay.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SSBkgdUpdate]
C:\Program Files\Common Files\Scansoft Shared\SSBkgdUpdate\SSBkgdupdate.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\LimeWire\\LimeWire.exe"=
"C:\\Program Files\\BitTorrent\\bittorrent.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\Microsoft ActiveSync\\rapimgr.exe"=
"C:\\Program Files\\Thecus\\Thecus Setup Wizard v1.1.96\\SetupWizard.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=
"C:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"135:TCP"= 135:TCP:TCP Port 135

R2 hnmwrlspkt;HomeNet Manager Wireless Protocol;C:\WINDOWS\system32\DRIVERS\hnm_wrls_pkt.sys [2006-01-13 01:27]
R2 wsppkt;Wireless Security Protocol;C:\WINDOWS\system32\DRIVERS\wsp_pkt.sys [2006-01-13 01:29]
S3 ZSMC211;USB PC Camera ;C:\WINDOWS\system32\Drivers\ZS211.sys [2006-08-08 11:29]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{22cb381f-dc2c-11dc-8c54-001302c9a0be}]
\Shell\AutoRun\command - F:\LaunchU3.exe -a

.
Contents of the 'Scheduled Tasks' folder
"2008-03-03 09:42:08 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-02-29 07:30:00 C:\WINDOWS\Tasks\McAfee.com Scan for Viruses - My Computer (CAWTHORN-Kate Cawthorn).job"
- c:\program files\mcafee.com\vso\mcmnhdlr.exe
.
**************************************************************************

catchme 0.3.1344 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-03-08 07:55:50
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Intel\Wireless\Bin\EvtEng.exe
C:\Program Files\Intel\Wireless\Bin\S24EvMon.exe
C:\Program Files\Intel\Wireless\Bin\WLKeeper.exe
D:\aawservice.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\vso\mcshield.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\PROGRA~1\McAfee.com\PERSON~1\MpfService.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\Program Files\Intel\Wireless\Bin\RegSrvc.exe
C:\WINDOWS\system32\fxssvc.exe
C:\WINDOWS\system32\igfxsrvc.exe
C:\PROGRA~1\Intel\Wireless\Bin\Dot1XCfg.exe
.
**************************************************************************
.
Completion time: 2008-03-08 8:01:33 - machine was rebooted
ComboFix-quarantined-files.txt 2008-03-07 21:01:27
.
2008-02-27 04:38:26 --- E O F ---



CAN ANYONE HELP ME PLEASE????? THANX


Mod Edit: Topic moved to more appropriate forum~ TMacK

Edited by TMacK, 07 March 2008 - 05:51 PM.



 


#2 Billy O'Neal

Billy O'Neal

    Visual C++ STL Maintainer


  • Malware Response Team
  • 12,304 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Redmond, Washington
  • Local time:07:47 AM

Posted 07 March 2008 - 06:14 PM

Please DO NOT run ComboFix unless directed by a trained malware removal specialist.

Please follow the instructions here: http://www.bleepingcomputer.com/forums/ind...10&hl=vundo

Please do an online scan with Kaspersky WebScanner.
  • Hold down your "Shift" key and click on this link: Kaspersky WebScanner, to open the Kaspersky WebScanner in a new window.
  • Click on "Kaspersky Online Scanner".
    • You will be prompted to install an ActiveX component from Kaspersky; click Yes.
    • The program will launch and then begin downloading the latest definition files.
  • Once the files have been downloaded click on "NEXT".
  • Now click on "Scan Settings".
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
      Extended (if available otherwise Standard)
    • Scan Options:
      Scan Archives
      Scan Mail Bases
  • Click OK.
  • Under select a target to scan, select "My Computer".
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
  • Upon completion, click on the "Save as Text" button.
  • Save the file to your desktop.
  • Copy and paste that information in your next post.
Billy3
Twitter - My statements do not establish the official position of Microsoft Corporation, and are my own personal opinion. (But you already knew that, right?)

#3 Orange Blossom

Orange Blossom

    OBleepin Investigator


  • Moderator
  • 36,994 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Bloomington, IN
  • Local time:10:47 AM

Posted 15 March 2008 - 09:11 PM

Hello Splinket and welcome to BC :thumbsup:

ComboFix logs should not be posted outside the HijackThis forums. It is an extremely powerful tool which should only be used when instructed to do so by someone who has been properly trained. ComboFix is intended by its creator to be "used under the guidance and supervision of an expert", NOT for private use. Please read ComboFix's Disclaimer. Using this tool incorrectly could lead to disastrous problems with your operating system such as preventing it from ever starting again.

Please create a new topic explaining the nature of your problem. Describe pop-ups and system tray or desktop icons that have appeared. Explain what is "going wrong" with your computer. Note any tools you have used and their respective results.

If needed, we will direct you to our HJT Preparation Guide.

Thank you for using BleepingComputer as your malware removal source.

This topic is now closed.
The BC Staff
Help us help you. If HelpBot replies, you MUST follow step 1 in its reply so we know you need help.

Orange Blossom

An ounce of prevention is worth a pound of cure

SpywareBlaster, WinPatrol Plus, ESET Smart Security, Malwarebytes' Anti-Malware, NoScript Firefox ext., Norton noscript



