
Slow System. Think Its Got An Infection Or Something


  • This topic is locked
11 replies to this topic

#1 Blerdus

Blerdus

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:05 PM

Posted 12 May 2008 - 03:50 PM

OK, here goes my first ever post.

To start, everything is running slow. I have run multiple virus scans and rootkit scans, online and stand-alone, with programs like RegRun, Kaspersky, AVG, Panda, HouseCall, Ad-Aware and Spybot, and found a lot: viruses like hldrrr.exe, srosa.sys, wintems.exe, mdelk.exe and a couple more. Apparently all gone now, but system performance is still not much better, which leads me to believe there is something still there.

Some of the problems I've noticed:
* I cannot boot into Safe Mode. That's a biggie in my eyes.
* My IGP keeps crashing when playing games in D3D or OpenGL, and it won't let me update the drivers; it keeps saying "access denied".
* Microsoft online updates won't install any more, again with an "access denied" error. I haven't updated in a while, so I couldn't say when it last worked.
* When I look at my network connections with "netstat -n" just after boot-up, I notice what I think is NetBIOS creating lots of connections to my network hub. The more times I run netstat, the bigger the list gets. My network connections icon in the system tray is mostly on, upload and download.
* When opening My Computer it takes forever to populate the window, and some other programs run in a similar fashion.
* Some functions on my sound card fail and crash the card when I try to use the EAX console and the sound card mixer control, so I'm using the Windows default at the moment. I tried a reinstall and updates. The install program works, but the updater does not fix the problem. It doesn't even reinstall the Creative mixer controls.

Well, that's the brunt of it, I think. I've had a look at the HJT log and I can see some lines I don't like, but I think I know what they are.

stk014 and stk02n I think are something for a USB camera I have. NOD32 is another antivirus program I tried to install that failed halfway through and left its install stuff everywhere. "SweetIM" I installed a little while ago; I never used it, so I tried to uninstall it and it won't.

My log doesn't seem to be as big as some of the others I've seen on this site, so I'm not too sure if I ran a complete scan or not.
I'll do another one if need be.

A quick overview of my system:

XP Home SP2
Intel 2.4 GHz CPU
1 GB RAM
VIA/S3 UniChrome Pro. No AGP slot in this motherboard, so I'm using the IGP at the moment, which is tat.

I hope I've put in enough info. If anyone has any ideas, please help, and if you need any more details just say :)

Oh yeah, some programs I try to install or use now return an error saying "not a valid Win32 application", Spybot for one example. Hope this helps.

PS. If I've posted in the wrong room, sorry. I'm not used to these types of sites.

Many thanks to all who can help.



me :thumbsup:

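The "netstat -n" symptom in the post above (a list of connections to neighbouring hosts that grows every time the command is run) is easier to judge once the output is grouped by remote port and state rather than read line by line. The script below is an added example, not code from the original post or from any of the tools mentioned in it. The netstat output embedded in it is constructed to resemble the symptom described, so the addresses and ports are assumptions, not data from the poster's machine; the threshold in flag_fanout is likewise an arbitrary starting point.

```python
"""Group `netstat -n` output by remote port and state, and flag fan-out.

Added example for the forum post above; not the poster's data and not part
of any tool mentioned in the thread.
"""
import re
from collections import Counter

# Constructed sample of Windows `netstat -n` output (assumption: a host on
# 192.168.1.0/24 opening many half-open connections to port 139 on its
# neighbours).  Not captured from the poster's machine.
SAMPLE_NETSTAT = """\
Active Connections

  Proto  Local Address          Foreign Address        State
  TCP    192.168.1.5:1041       192.168.1.1:139        ESTABLISHED
  TCP    192.168.1.5:1042       192.168.1.2:139        SYN_SENT
  TCP    192.168.1.5:1043       192.168.1.3:139        SYN_SENT
  TCP    192.168.1.5:1044       192.168.1.4:139        SYN_SENT
  TCP    192.168.1.5:1045       192.168.1.6:139        SYN_SENT
  TCP    192.168.1.5:1046       10.0.0.7:445           SYN_SENT
  TCP    192.168.1.5:1050       72.14.221.104:80       ESTABLISHED
  TCP    192.168.1.5:1051       72.14.221.104:80       TIME_WAIT
  UDP    192.168.1.5:137        *:*
"""

# One netstat row: proto, local ip:port, remote ip:port (port may be '*'),
# and an optional state column (UDP rows have none).
LINE_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+(\S+):(\d+|\*)\s*(\S+)?\s*$"
)


def parse_netstat(text):
    """Return a list of (proto, local_ip, local_port, remote_ip, remote_port, state).

    Header lines and blank lines do not match LINE_RE and are skipped.
    """
    rows = []
    for line in text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue
        proto, lip, lport, rip, rport, state = m.groups()
        rows.append((proto, lip, int(lport), rip, rport, state or ""))
    return rows


def connections_by_remote_port(rows):
    """Count connections per (remote_port, state) pair."""
    return Counter((rport, state) for _, _, _, _, rport, state in rows)


def flag_fanout(rows, ports=("139", "445"), threshold=3):
    """Return {remote_port: [hosts]} for ports in `ports` that have at least
    `threshold` distinct remote hosts in SYN_SENT.

    Many half-open connections to the same service port on many different
    hosts is what an outbound probe of the local network looks like from the
    machine doing the probing; it is a reason to look closer, not a verdict.
    """
    hosts = {}
    for _, _, _, rip, rport, state in rows:
        if rport in ports and state == "SYN_SENT":
            hosts.setdefault(rport, set()).add(rip)
    return {p: sorted(h) for p, h in hosts.items() if len(h) >= threshold}


if __name__ == "__main__":
    rows = parse_netstat(SAMPLE_NETSTAT)
    for (port, state), n in sorted(connections_by_remote_port(rows).items()):
        print(f"remote port {port:>5} {state or '-':<12} {n}")
    for port, hosts in flag_fanout(rows).items():
        print(f"fan-out to port {port}: {', '.join(hosts)}")
```

Run it against real output with `netstat -n > out.txt` and `parse_netstat(open("out.txt").read())`; `netstat -no` also prints the owning PID on XP SP2 and later, which is the next thing to look up, but the regex above would need an extra column for that.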


#2 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:05 PM

Posted 12 May 2008 - 04:50 PM

I've been doing a bit of reading on this site and thought I'd better update my post, because I just ran ComboFix and it deleted a few things, and I noticed somewhere on this site that I shouldn't change anything until someone has had a look.
So on that note I thought I'd better post the ComboFix log and a new HijackThis log.

******************************************************************************************************
HJT log
******************************************************************************************************

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 10:35:37 PM, on 5/12/2008
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16608)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\svchost.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\CTHELPER.EXE
C:\WINDOWS\system32\VTTimer.exe
C:\WINDOWS\system32\VTtrayp.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\WINDOWS\system32\wscntfy.exe
C:\WINDOWS\explorer.exe
C:\WINDOWS\system32\notepad.exe
C:\Program Files\Internet Explorer\iexplore.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKCU\Software\Microsoft\Internet Explorer\SearchURL,(Default) = http://g.msn.co.uk/0SEENGB/SAOS01?FORM=TOOLBR
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Local Page =
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Local Page =
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - URLSearchHook: SweetIM ToolbarURLSearchHook Class - {EEE6C35D-6118-11DC-9C72-001320C79847} - C:\Program Files\SweetIM\Toolbars\Internet Explorer\mgHelper.dll
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - D:\MICROS~1\Office12\GRA8E1~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_03\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O3 - Toolbar: AVG Security Toolbar - {A057A204-BACC-4D26-9990-79A187E2698E} - C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - Global Startup: STK014 PNP Monitor.lnk = ?
O4 - Global Startup: STK02N 2.3 PNP Monitor.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://D:\MICROS~1\Office12\EXCEL.EXE/3000
O16 - DPF: {0A5FD7C5-A45C-49FC-ADB5-9952547D5715} (Creative Software AutoUpdate) - http://www.creative.com/su/ocx/15030/CTSUEng.cab
O16 - DPF: {0CCA191D-13A6-4E29-B746-314DEE697D83} (Facebook Photo Uploader 5) - http://upload.facebook.com/controls/Facebo...toUploader5.cab
O16 - DPF: {17492023-C23A-453E-A040-C7C580BBF700} (Windows Genuine Advantage Validation Tool) - http://go.microsoft.com/fwlink/?linkid=39204
O16 - DPF: {215B8138-A3CF-44C5-803F-8226143CFC0A} (Trend Micro ActiveX Scan Agent 6.6) - http://housecall65.trendmicro.com/housecal...ivex/hcImpl.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\common\yinsthelper.dll
O16 - DPF: {54B52E52-8000-4413-BD67-FC7FE24B59F2} (EARTPatchX Class) - http://simcity.ea.com/update/EARTPX.cab
O16 - DPF: {5C6698D9-7BE4-4122-8EC5-291D84DBD4A0} (Facebook Photo Uploader 4 Control) - http://upload.facebook.com/controls/Facebo...toUploader3.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://update.microsoft.com/microsoftupdat...b?1178354308093
O16 - DPF: {C36661D7-3590-45B1-80B5-520839E94DAD} (MaxisSimCity4PatcherX Control) - http://simcity.ea.com/update/MaxisSimCity4PatcherX.cab
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {D6E7CFB5-C074-4D1C-B647-663D1A8D96BF} (Facebook Photo Uploader 4) - http://upload.facebook.com/controls/Facebo...Uploader4_5.cab
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O16 - DPF: {EDFCB7CB-942C-4822-AF14-F0B687409848} (Image Uploader Control) - http://www.mypix.com/uk/uk/importer/ImageUploader4.cab
O16 - DPF: {F6ACF75C-C32C-447B-9BEF-46B766368D29} (Creative Software AutoUpdate Support Package) - http://www.creative.com/softwareupdate/su/...15034/CTPID.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - D:\MICROS~1\Office12\GR99D3~1.DLL
O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\Program Files\Eset\nod32krn.exe (file missing)

--
End of file - 6062 bytes

******************************************************************************************************
combo log
******************************************************************************************************

ComboFix 08-05-11.1 - Willow 2008-05-12 22:01:08.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.2.1252.1.1033.18.536 [GMT 1:00]
Running from: D:\steves downloads\ComboFix.exe
* Created a new restore point

WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

C:\Documents and Settings\Willow\Application Data\m
C:\Documents and Settings\Willow\Application Data\m\list.oct
C:\Documents and Settings\Willow\Application Data\m\shared
C:\Documents and Settings\Willow\Application Data\m\srvlist.oct
C:\RECYCLER\RB3.tmp
C:\WINDOWS\system32\ban_list.txt
C:\WINDOWS\system32\drivers\down
C:\WINDOWS\system32\drivers\downld

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_NEW_DRV
-------\Legacy_SROSA


((((((((((((((((((((((((( Files Created from 2008-04-12 to 2008-05-12 )))))))))))))))))))))))))))))))
.

2008-05-12 18:45 . 2008-05-12 18:45 <DIR> d-------- C:\Program Files\Trend Micro
2008-05-12 02:04 . 2008-05-12 02:04 <DIR> d-------- C:\Program Files\Star Defender 3
2008-05-11 18:45 . 2008-05-11 18:45 <DIR> d-------- C:\Documents and Settings\Willow\Application Data\Pirates of the Atlantic
2008-05-11 18:44 . 2008-05-12 01:24 <DIR> d-------- C:\Program Files\Pirates of the Atlantic
2008-05-11 12:09 . 2008-05-11 12:09 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kristanix Games
2008-05-11 12:08 . 2008-05-11 12:08 <DIR> d-------- C:\Program Files\Mahjong Epic
2008-05-11 02:21 . 2008-05-11 02:21 <DIR> d-------- C:\Program Files\nkh
2008-05-10 10:20 . 2008-05-10 10:20 <DIR> d-------- C:\WINDOWS\STK02N
2008-05-10 10:20 . 2007-03-12 14:25 101,520 --a------ C:\WINDOWS\system32\drivers\STK02NW2.sys
2008-05-10 10:20 . 2007-03-12 14:28 40,960 --a------ C:\WINDOWS\system32\STK02NP.ax
2008-05-10 10:20 . 2007-03-12 14:25 33,728 --a------ C:\WINDOWS\system32\drivers\STK02NW1.sys
2008-05-10 00:12 . 2008-05-10 00:12 <DIR> d-------- C:\WINDOWS\PixArt
2008-05-10 00:12 . 2008-05-10 00:12 <DIR> d-------- C:\Program Files\PC Camer@
2008-05-10 00:12 . 2008-05-10 00:12 <DIR> d-------- C:\Program Files\Common Files\PCCamera
2008-05-09 23:21 . 2008-05-09 23:21 <DIR> d-------- C:\WINDOWS\STK014
2008-05-09 23:21 . 2008-05-10 12:43 <DIR> d-------- C:\Program Files\STK014
2008-05-09 23:21 . 2003-07-15 11:25 99,476 --a------ C:\WINDOWS\system32\drivers\STK014W2.sys
2008-05-09 23:21 . 2003-07-11 12:30 40,960 --a------ C:\WINDOWS\system32\STK014P.ax
2008-05-09 23:21 . 2003-07-15 11:25 32,140 --a------ C:\WINDOWS\system32\drivers\STK014W1.sys
2008-05-09 23:06 . 2008-05-09 23:06 <DIR> d-------- C:\Documents and Settings\Willow\Application Data\ArcSoft
2008-05-09 21:25 . 2008-05-09 21:25 148 --a------ C:\WINDOWS\S3.uns
2008-05-09 16:54 . 2008-05-10 23:18 2,200 --a------ C:\WINDOWS\UChromeP.uns
2008-05-09 14:16 . 2008-05-09 14:19 <DIR> d-------- C:\Program Files\ESET
2008-05-09 12:00 . 2008-05-10 12:43 <DIR> d--h----- C:\$AVG8.VAULT$
2008-05-09 03:05 . 2008-05-12 08:17 <DIR> d-------- C:\WINDOWS\system32\drivers\Avg
2008-05-09 03:05 . 2008-05-09 03:05 <DIR> d-------- C:\Program Files\AVG
2008-05-09 03:05 . 2008-05-09 03:05 <DIR> d-------- C:\Documents and Settings\Willow\Application Data\AVGTOOLBAR
2008-05-09 03:05 . 2008-05-09 03:05 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\avg8
2008-05-09 03:05 . 2008-05-09 03:05 96,520 --a------ C:\WINDOWS\system32\drivers\avgldx86.sys
2008-05-09 03:05 . 2008-05-09 03:05 10,520 --a------ C:\WINDOWS\system32\avgrsstx.dll
2008-05-09 02:39 . 2008-05-11 01:55 <DIR> d-------- C:\Documents and Settings\Willow\Application Data\VersionTracker Pro
2008-05-08 22:26 . 2008-05-08 22:26 123 --a------ C:\WINDOWS\rootkitno.ini
2008-05-07 21:43 . 2008-05-07 21:43 <DIR> d-------- C:\Program Files\Common Files\ArcSoft
2008-05-07 21:43 . 2003-09-19 15:45 21,248 --a------ C:\WINDOWS\system32\drivers\pfc.sys
2008-05-07 21:41 . 2001-08-24 08:25 1,706,800 --a------ C:\WINDOWS\system32\gdiplus.dll
2008-05-07 21:39 . 2008-05-07 21:39 <DIR> d-------- C:\Program Files\ArcSoft
2008-05-07 21:39 . 1995-08-01 04:44 212,480 --a------ C:\WINDOWS\PCDLIB32.DLL
2008-05-07 21:22 . 2007-03-22 15:55 3,560,064 --a------ C:\WINDOWS\system32\vtdisp.dll
2008-05-07 21:22 . 2007-03-22 15:55 3,560,064 --a------ C:\WINDOWS\system32\SETE.tmp
2008-05-07 21:22 . 2007-03-22 15:58 1,900,544 --a------ C:\WINDOWS\system32\vticd.dll
2008-05-07 21:22 . 2007-03-22 15:55 281,856 --a------ C:\WINDOWS\system32\drivers\vtmini.sys
2008-05-07 21:22 . 2007-03-09 11:33 249,856 --a------ C:\WINDOWS\system32\s3iset32.dll
2008-05-07 21:22 . 2007-03-27 10:04 204,800 --a------ C:\WINDOWS\system32\s3minset.exe
2008-05-07 21:09 . 2008-05-07 21:12 <DIR> d-------- C:\Program Files\VIA
2008-05-07 21:09 . 2005-04-13 18:54 331,184 --------- C:\WINDOWS\system32\difxapi.dll
2008-05-07 21:08 . 2008-01-22 14:02 117,248 --a------ C:\WINDOWS\system32\drivers\viamraid.sys
2008-05-07 21:08 . 2007-09-21 17:49 9,216 --a------ C:\WINDOWS\system32\drivers\videX32.sys
2008-05-07 00:37 . 2008-05-07 00:37 23,600 --a------ C:\WINDOWS\system32\drivers\TVICHW32.SYS
2008-05-04 23:09 . 2008-05-04 23:09 <DIR> d-------- C:\Documents and Settings\Willow\Application Data\Samsung
2008-05-04 22:57 . 2006-05-03 22:53 174,592 --a------ C:\WINDOWS\system32\framedyn.dll
2008-05-04 22:54 . 2006-07-24 16:05 5,632 --a------ C:\WINDOWS\system32\drivers\StarOpen.sys
2008-05-04 22:53 . 2008-05-11 18:26 <DIR> d-------- C:\Program Files\Samsung
2008-05-04 21:37 . 2008-05-04 21:37 43,520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-05-02 08:24 . 2008-05-02 08:24 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Hazard Perception Training
2008-05-02 08:19 . 2008-05-02 22:43 <DIR> d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Driving Test Success
2008-05-01 11:17 . 2008-05-01 23:38 <DIR> d-------- C:\Program Files\Driving Theory Test Express
2008-05-01 11:17 . 1998-06-18 00:00 32,768 --a------ C:\WINDOWS\system32\REGTOOL5.DLL
2008-04-29 23:36 . 2008-04-29 23:36 <DIR> d-------- C:\Program Files\EPSON
2008-04-29 21:58 . 2008-04-29 22:15 <DIR> d-------- C:\Program Files\Uniblue
2008-04-29 07:33 . 2008-04-29 07:33 <DIR> d-------- C:\Documents and Settings\Willow\Application Data\InstallShield
2008-04-24 22:10 . 2008-04-24 22:10 <DIR> d-------- C:\Program Files\directx
2008-04-24 21:34 . 2008-04-24 21:34 642,560 --a------ C:\WINDOWS\system32\drivers\sptd.sys
2008-04-24 21:34 . 2008-04-24 21:34 96,256 --a------ C:\WINDOWS\system32\drivers\sptd2381.sys
2008-04-16 20:28 . 2008-04-16 20:28 <DIR> d-------- C:\logs3
2008-04-13 16:43 . 2008-05-08 22:26 <DIR> d-------- C:\RootkitNO
2008-04-13 16:01 . C:\WINDOWS\(2) C:\ComboFix\winstart.bat
2008-04-13 11:30 . 2003-09-06 15:55 57,556 --a------ C:\WINDOWS\guard.bmp
2008-04-12 18:07 . 2008-04-26 23:47 <DIR> d-------- C:\Program Files\Acceleration Software
2008-04-12 16:56 . 2008-04-26 23:47 <DIR> d-------- C:\Program Files\Common Files\eAcceleration

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-05-12 18:52 --------- d-----w C:\Program Files\Super Internet TV
2008-05-12 01:34 --------- d---a-w C:\Documents and Settings\All Users.WINDOWS\Application Data\TEMP
2008-05-10 22:17 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-05-09 13:38 --------- d-----w C:\Program Files\DivX
2008-05-09 13:32 --------- d-----w C:\Program Files\SweetIM
2008-05-09 13:25 --------- d-----w C:\Program Files\Motherboard Monitor 5
2008-05-09 11:46 --------- d-----w C:\Program Files\MagicISO
2008-05-06 23:25 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Microsoft Help
2008-04-29 22:39 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\EPSON
2008-04-29 20:59 --------- d-----w C:\Documents and Settings\Willow\Application Data\Uniblue
2008-04-26 22:43 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira
2008-04-11 21:13 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Kontiki
2008-04-06 16:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\SweetIM
2008-04-03 07:11 --------- d-----w C:\Program Files\ACDSee32
2008-03-28 19:23 348,068 ----a-w C:\WINDOWS\Xbox.scr
2008-03-28 19:23 336,468 ----a-w C:\WINDOWS\Xbox.exe
2008-03-28 19:23 30,208 ----a-w C:\WINDOWS\mickey32.dll
2008-03-21 08:58 --------- d-----w C:\Program Files\MSN Messenger
2008-03-18 23:23 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-03-18 23:23 --------- d-----w C:\Documents and Settings\All Users.WINDOWS\Application Data\Spybot - Search & Destroy
2008-03-17 21:24 --------- d-----w C:\Program Files\Common Files\Motive
2008-03-17 21:09 --------- d-----w C:\Program Files\btbb_wcm
2008-03-16 22:07 --------- d-----w C:\Program Files\Google
2008-03-15 22:13 --------- d-----r C:\Program Files\echain
2008-03-14 22:23 --------- d-----w C:\Program Files\RegCure
2008-03-13 19:41 --------- d-----w C:\Program Files\stm
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Internet Explorer\Toolbar]
"{A057A204-BACC-4D26-9990-79A187E2698E}"= "C:\PROGRA~1\AVG\AVG8\AVGTOO~1.DLL" [2008-05-09 03:05 2050816]

[HKEY_CLASSES_ROOT\clsid\{a057a204-bacc-4d26-9990-79a187e2698e}]
[HKEY_CLASSES_ROOT\avgtoolbar.AVGTOOLBAR]

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 08:56 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSConfig"="C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe" [2004-08-04 08:56 158208]
"CTxfiHlp"="CTXFIHLP.EXE" [2006-08-11 14:56 18944 C:\WINDOWS\system32\CTXFIHLP.EXE]
"CTHelper"="CTHELPER.EXE" [2006-08-11 14:56 17920 C:\WINDOWS\CTHELPER.EXE]
"VTTimer"="VTTimer.exe" [2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe]
"VTTrayp"="VTtrayp.exe" [2007-02-06 07:30 176128 C:\WINDOWS\system32\VTTrayp.exe]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"msacm.L3CODECP"= L3CODECP.acm
"msacm.g723"= g723.acm
"vidc.I263"= I263_32.drv

[HKLM\~\startupfolder\C:^Documents and Settings^All Users.WINDOWS^Start Menu^Programs^Startup^Bluetooth.lnk]
backup=C:\WINDOWS\pss\Bluetooth.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\@RegRunOnSecure]
C:\PROGRA~1\Greatis\REGRUN~1\OnSecure.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Photo Downloader]
--a------ 2007-03-09 11:09 63712 C:\Program Files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Adobe Reader Speed Launcher]
--a------ 2008-01-11 23:16 39792 C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\AVG7_CC]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_McciTrayApp]
--------- 2007-08-22 14:34 936960 C:\Program Files\BT Broadband Desktop Help\bin\BTHelpNotifier.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\btbb_wcm_McciTrayApp]
--a------ 2006-12-07 07:59 935936 C:\Program Files\btbb_wcm\McciTrayApp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\GrooveMonitor]
--a------ 2006-10-27 01:47 31016 D:\Microsoft Office\Office12\GrooveMonitor.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\KernelFaultCheck]
C:\WINDOWS\system32\dumprep 0 -k

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
--a------ 2001-07-09 11:50 155648 C:\WINDOWS\system32\NeroCheck.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NWEReboot]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
--a------ 2008-02-01 00:13 385024 C:\Program Files\QuickTime\qttask.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Regrun2]
C:\PROGRA~1\Greatis\REGRUN~1\WatchDog.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftickPPP]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoftwareStation]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsSsMon]
C:\Program Files\Acceleration Software\Anti-Virus\ssssmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\StopSignSsTsMon]
C:\Program Files\Acceleration Software\Anti-Virus\sstsmon.dll

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2007-09-25 02:11 132496 C:\Program Files\Java\jre1.6.0_03\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SweetIM]
C:\Program Files\SweetIM\Messenger\SweetIM.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TkBellExe]
--a------ 2007-06-02 08:16 180269 C:\Program Files\Common Files\Real\Update_OB\realsched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTimer]
--a------ 2006-09-21 16:36 53248 C:\WINDOWS\system32\VTTimer.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VTTrayp]
--a------ 2007-02-06 07:30 176128 C:\WINDOWS\system32\VTTrayp.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]
"WMPNetworkSvc"=3 (0x3)
"usnjsvc"=3 (0x3)
"StarWindService"=2 (0x2)
"ose"=3 (0x3)
"odserv"=3 (0x3)
"Microsoft Office Groove Audit Service"=3 (0x3)
"KService"=2 (0x2)
"CSIScanner"=2 (0x2)
"TPUDS"=3 (0x3)
"eac_productsvc"=2 (0x2)
"eac_notifysvc"=2 (0x2)

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\Messenger\\msmsgs.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"C:\\Program Files\\MSN Messenger\\msnmsgr.exe"=
"C:\\Program Files\\MSN Messenger\\livecall.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"4662:TCP"= 4662:TCP:em tcp
"4672:UDP"= 4672:UDP:em udp

R0 videX32;videX32;C:\WINDOWS\system32\DRIVERS\videX32.sys [2007-09-21 17:49]
R1 AvgLdx86;AVG AVI Loader Driver x86;C:\WINDOWS\system32\Drivers\avgldx86.sys [2008-05-09 03:05]
R1 vcdrom;Virtual CD-ROM Device Driver;C:\Documents and Settings\Willow\Desktop\virtual cd\VCdRom.sys [2001-12-19 12:45]
R2 avg8wd;AVG8 WatchDog;C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe [2008-05-09 03:05]
R2 SVKP;SVKP;C:\WINDOWS\system32\SVKP.sys [2007-05-31 22:45]
R3 ctgame;Game Port;C:\WINDOWS\system32\DRIVERS\ctgame.sys [2002-12-30 10:53]
S0 Partizan;Partizan;C:\WINDOWS\system32\drivers\Partizan.sys []
S3 DCamUSBSTK014;STK014 Camera;C:\WINDOWS\system32\DRIVERS\STK014W2.sys [2003-07-15 11:25]
S3 ss_bus;SAMSUNG Mobile USB Device 1.0 driver (WDM);C:\WINDOWS\system32\DRIVERS\ss_bus.sys [2005-08-30 17:57]
S3 ss_mdfl;SAMSUNG Mobile USB Modem 1.0 Filter;C:\WINDOWS\system32\DRIVERS\ss_mdfl.sys [2005-08-30 17:58]
S3 ss_mdm;SAMSUNG Mobile USB Modem 1.0 Drivers;C:\WINDOWS\system32\DRIVERS\ss_mdm.sys [2005-08-30 17:59]
S3 usbprint;Microsoft USB PRINTER Class;C:\WINDOWS\system32\DRIVERS\usbprint.sys [2004-08-04 08:01]
S4 TPUDS;TPUDS;C:\DOCUME~1\Willow\LOCALS~1\Temp\TPUDS.exe []

.
Contents of the 'Scheduled Tasks' folder
"2008-05-12 07:48:04 C:\WINDOWS\Tasks\AppleSoftwareUpdate.job"
- C:\Program Files\Apple Software Update\SoftwareUpdate.exe
"2008-05-12 21:09:01 C:\WINDOWS\Tasks\RegCure Program Check.job"
- C:\Program Files\RegCure\RegCure.exe
"2008-05-08 08:17:25 C:\WINDOWS\Tasks\RegCure.job"
- C:\Program Files\RegCure\RegCure.exe
.
**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-05-12 22:10:09
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


C:\WINDOWS\TEMP\059e6591-f8ae-4a44-8b34-2b1d34db0d34.tmp

scan completed successfully
hidden files: 1

**************************************************************************
.
------------------------ Other Running Processes ------------------------
.
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\system32\CTSVCCDA.EXE
C:\WINDOWS\system32\MsPMSPSv.exe
C:\PROGRA~1\AVG\AVG8\avgrsx.exe
C:\WINDOWS\STK02N\STK02NM.exe
C:\WINDOWS\system32\wscntfy.exe
.
**************************************************************************
.
Completion time: 2008-05-12 22:18:48 - machine was rebooted
ComboFix-quarantined-files.txt 2008-05-12 21:18:29

Pre-Run: 3,991,138,304 bytes free
Post-Run: 4,650,049,536 bytes free

260 --- E O F --- 2008-05-12 02:01:53
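The two logs above contain the items a reviewer scans for first: autostart entries given only as a bare file name, ActiveX (O16) entries with no description or source URL, services whose binary is missing, a driver/service registered from a Temp directory, the Windows Firewall switched off for the profile, and Security Center antivirus notifications suppressed. The script below is an added example of that triage and is not part of the post or of HijackThis or ComboFix. The excerpt strings are copied from the logs posted in this thread; the rules are assumptions about what deserves a second look, not verdicts about any particular entry.

```python
"""Triage excerpts of a HijackThis log and a ComboFix log.

Added example for this thread; not part of HijackThis, ComboFix, or the
poster's reply.  Each rule marks a line as worth a second look; none of
them says a line is malicious.
"""
import re

# Lines copied from the HijackThis log posted above.
HJT_EXCERPT = """\
O4 - HKLM\\..\\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\\..\\Run: [VTTimer] VTTimer.exe
O4 - HKCU\\..\\Run: [ctfmon.exe] C:\\WINDOWS\\system32\\ctfmon.exe
O16 - DPF: {CF40ACC5-E1BB-4AFF-AC72-04C2F616BCA7} -
O16 - DPF: {E8F628B5-259A-4734-97EE-BA914D7BE941} (Driver Agent ActiveX Control) - http://plugin.driveragent.com/files/driveragent.cab
O23 - Service: NOD32 Kernel Service (NOD32krn) - Unknown owner - C:\\Program Files\\Eset\\nod32krn.exe (file missing)
O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\\PROGRA~1\\AVG\\AVG8\\avgwdsvc.exe
"""

# Lines copied from the ComboFix log posted above.
COMBOFIX_EXCERPT = """\
[HKEY_LOCAL_MACHINE\\software\\microsoft\\security center]
"AntiVirusDisableNotify"=dword:00000001

[HKLM\\~\\services\\sharedaccess\\parameters\\firewallpolicy\\standardprofile]
"EnableFirewall"= 0 (0x0)

S4 TPUDS;TPUDS;C:\\DOCUME~1\\Willow\\LOCALS~1\\Temp\\TPUDS.exe []
"""

O4_RE = re.compile(r"^O4 - .*?: \[(?P<name>[^\]]+)\] (?P<cmd>.+)$")
O16_RE = re.compile(
    r"^O16 - DPF: (?P<clsid>\{[0-9A-Fa-f-]+\})(?: \((?P<desc>[^)]*)\))? -\s*(?P<url>\S*)$"
)
O23_RE = re.compile(r"^O23 - Service: .* - (?P<path>.+?)(?P<missing> \(file missing\))?$")


def triage_hjt(text):
    """Return [(reason, line)] for HijackThis lines that merit a closer look."""
    findings = []
    for line in text.splitlines():
        m = O4_RE.match(line)
        if m:
            cmd = m.group("cmd").strip().strip('"')
            if "\\" not in cmd:
                # A bare file name is resolved through the search path at
                # logon, so the log alone does not show which file runs.
                findings.append(("O4 Run entry with bare file name", line))
            continue
        m = O16_RE.match(line)
        if m:
            if not m.group("desc") or not m.group("url"):
                findings.append(("O16 ActiveX entry without description or URL", line))
            continue
        m = O23_RE.match(line)
        if m and m.group("missing"):
            findings.append(("O23 service whose binary is missing", line))
    return findings


def triage_combofix(text):
    """Return [(reason, line)] for ComboFix lines that weaken the host's defences."""
    findings = []
    section = None
    for line in text.splitlines():
        if line.startswith("["):
            section = line.lower()  # registry key the following values belong to
            continue
        low = line.lower()
        if section and "firewallpolicy" in section and '"enablefirewall"' in low and "= 0" in low:
            findings.append(("Windows Firewall disabled for this profile", line))
        elif section and "security center" in section and "antivirusdisablenotify" in low and "00000001" in low:
            findings.append(("Security Center antivirus notifications suppressed", line))
        elif re.match(r"^[RS]\d ", line) and "\\temp\\" in low:
            # ComboFix driver/service lines start with R<n>/S<n> (running/stopped).
            findings.append(("Driver/service registered from a Temp directory", line))
    return findings


if __name__ == "__main__":
    for reason, line in triage_hjt(HJT_EXCERPT) + triage_combofix(COMBOFIX_EXCERPT):
        print(f"{reason}:\n    {line}")
```

Feed it a whole log with `triage_hjt(open("hijackthis.log").read())`; the O4 rule will also flag legitimate vendor entries such as the Creative and VIA helpers above, which is the point: the line has to be checked against the file on disk, not trusted from the name.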

#3 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:05 PM

Posted 02 June 2008 - 07:31 PM

Hello


Apologies for the delay in responding; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the steps below so I can have a look at the current condition of your machine.

Thanks, and again, sorry for the delay.

Please download Deckard's System Scanner (DSS) and save to your Desktop.
alternate download site

DSS will do the following:
  • Create a new System Restore point in Windows XP and Vista.
  • Clean your Temporary Files, Downloaded Program Files, Internet Cache Files, and empty the Recycle Bin on all drives.
  • Check some important areas of your system and produce a report for an analyst to review.
  • Automatically run HijackThis. It will also install and place a shortcut to HijackThis on your desktop if you do not already have it installed. So if HijackThis is not installed and DSS prompts you to download it, please answer yes.
You must be logged onto an account with administrator privileges when using.
  • Close all applications and windows.
  • Double-click on dss.exe to run it and follow the prompts.
  • If your anti-virus or firewall complains, please allow this script to run, as it is not malicious.
  • When the scan is complete, two text files will open in Notepad:
    • main.txt <- this one will be maximized
    • extra.txt <- this one will be minimized
  • If not, they both can be found in the C:\Deckard\System Scanner folder.
  • Please copy (Ctrl+C) and paste (Ctrl+V) the contents of main.txt and extra.txt in your next reply.
-- When running DSS, some firewalls may warn that it is trying to access the Internet, especially if you're asked to download the most current version of HijackThis. Please ensure that you allow it permission to do so.
-- If you get a warning from your anti-virus while DSS is scanning, please allow DSS to continue as the scan is not harmful.



Next
Please do an online scan with Kaspersky WebScanner

Click on Accept Button

You will be prompted to install an ActiveX component from Kaspersky. Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings, make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now, under "Select a target to scan", select My Computer.
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in portuguese

#4 don77

don77

    Forum Regular


  • Members
  • 3,212 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Boston Mass
  • Local time:01:05 PM

Posted 08 June 2008 - 06:55 PM

Due to the lack of feedback, this Topic is closed.

If you need this topic reopened, please request this by sending the moderating team
a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.

#5 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:03:05 PM

Posted 07 July 2008 - 10:44 AM

Reopened!

Please post a new Deckard's System Scanner log.
Renato Victor Mejias
Malware help in portuguese

#6 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • OFFLINE
  •  
  • Gender:Male
  • Local time:07:05 PM

Posted 07 July 2008 - 04:44 PM

dss main.txt
=========================================================================
Deckard's System Scanner v20071014.68
Run by Owner on 2008-07-07 22:32:53
Computer is in Normal Mode.
--------------------------------------------------------------------------------

System Drive C: has 4.93 GiB (less than 15%) free.


-- HijackThis (run as Owner.exe) -----------------------------------------------

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 22:32:59, on 07/07/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16674)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\CTHELPER.EXE
C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe
C:\WINDOWS\system32\RUNDLL32.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Belkin\Bluetooth Software\BTTray.exe
C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
C:\WINDOWS\System32\CTsvcCDA.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\WINDOWS\System32\MsPMSPSv.exe
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\Internet Explorer\IEXPLORE.EXE
C:\Program Files\Common Files\Microsoft Shared\Windows Live\WLLoginProxy.exe
C:\Documents and Settings\Owner\Desktop\dss.exe
C:\PROGRA~1\TRENDM~1\HIJACK~1\Owner.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.google.co.uk/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://go.microsoft.com/fwlink/?LinkId=69157
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: ShoppingReport - {100EB1FD-D03E-47FD-81F3-EE91287F9465} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O2 - BHO: Groove GFS Browser Helper - {72853161-30C5-4D22-B7F9-0BBC1D38A37E} - C:\PROGRA~1\MICROS~2\Office12\GRA8E1~1.DLL
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O4 - HKLM\..\Run: [CTHelper] CTHELPER.EXE
O4 - HKLM\..\Run: [CTxfiHlp] CTXFIHLP.EXE
O4 - HKLM\..\Run: [VTTimer] VTTimer.exe
O4 - HKLM\..\Run: [VTTrayp] VTtrayp.exe
O4 - HKLM\..\Run: [Adobe Reader Speed Launcher] "C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe"
O4 - HKLM\..\Run: [GrooveMonitor] "C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe"
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [KernelFaultCheck] %systemroot%\system32\dumprep 0 -k
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [EPSON Stylus D92 Series] C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.EXE /FU "C:\WINDOWS\TEMP\E_S86.tmp" /EF "HKCU"
O4 - HKCU\..\Run: [NVIDIA nTune] "C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" clear
O4 - HKCU\..\Run: [Uniblue RegistryBooster 2] C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe /S
O4 - HKUS\S-1-5-19\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-19\..\Run: [AVG7_Run] C:\PROGRA~1\Grisoft\AVG7\avgw.exe /RUNONCE (User 'LOCAL SERVICE')
O4 - HKUS\S-1-5-20\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'NETWORK SERVICE')
O4 - HKUS\S-1-5-18\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [CTFMON.EXE] C:\WINDOWS\System32\CTFMON.EXE (User 'Default user')
O4 - Global Startup: Bluetooth.lnk = ?
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\Office12\EXCEL.EXE/3000
O8 - Extra context menu item: Send to &Bluetooth Device... - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie_ctx.htm
O9 - Extra button: Send to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra 'Tools' menuitem: S&end to OneNote - {2670000A-7350-4f3c-8081-5663EE0C6C49} - C:\PROGRA~1\MICROS~2\Office12\ONBttnIE.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\Office12\REFIEBAR.DLL
O9 - Extra button: ShopperReports - Compare product prices - {C5428486-50A0-4a02-9D20-520B59A9F9B2} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: ShopperReports - Compare travel rates - {C5428486-50A0-4a02-9D20-520B59A9F9B3} - C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll
O9 - Extra button: @btrez.dll,-4015 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra 'Tools' menuitem: @btrez.dll,-12650 - {CCA281CA-C863-46ef-9331-5C8D4460577F} - C:\Program Files\Belkin\Bluetooth Software\btsendto_ie.htm
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (Installation Support) - C:\Program Files\Yahoo!\Common\Yinsthelper.dll
O16 - DPF: {4F1E5B1A-2A80-42CA-8532-2D05CB959537} (MSN Photo Upload Tool) - http://gfx2.hotmail.com/mail/w2/resources/MSNPUpld.cab
O16 - DPF: {6E32070A-766D-4EE6-879C-DC1FA91D2FC3} (MUWebControl Class) - http://www.update.microsoft.com/microsoftu...b?1211649674218
O16 - DPF: {BDBDE413-7B1C-4C68-A8FF-C5B2B4090876} (F-Secure Online Scanner 3.3) - http://support.f-secure.com/ols/fscax.cab
O16 - DPF: {D1E7CBDA-E60E-4970-A01C-37301EF7BF98} (Measurement Services Client v.3.12) - http://www.yougamers.com/systeminfo/MSC3.cab
O18 - Protocol: grooveLocalGWS - {88FED34C-F0CA-4636-A375-3CB6248B04CD} - C:\PROGRA~1\MICROS~2\Office12\GR99D3~1.DLL
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVG7\avgemc.exe
O23 - Service: Bluetooth Service (btwdins) - Broadcom Corporation. - C:\Program Files\Belkin\Bluetooth Software\bin\btwdins.exe
O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\System32\CTsvcCDA.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: WYRPINGQ - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\WYRPINGQ.exe (file missing)

--
End of file - 7579 bytes

-- Files created between 2008-06-07 and 2008-07-07 -----------------------------

2008-07-06 19:02:36 47104 --a------ C:\WINDOWS\system32\Wh2Robo.dll
2008-07-06 19:02:36 317952 --a------ C:\WINDOWS\system32\Roboex32.dll <Not Verified; Blue Sky Software Corporation.; RoboHELP Classic>
2008-07-06 19:02:31 0 d-------- C:\Program Files\Paint Shop Pro 6
2008-07-06 13:57:34 0 d-------- C:\Documents and Settings\Owner\Application Data\ShoppingReport
2008-07-06 13:57:33 0 d-------- C:\Program Files\ShoppingReport
2008-07-04 03:22:39 360580 --a------ C:\WINDOWS\eSellerateEngine.dll <Not Verified; eSellerate Inc.; eSellerateEngine>
2008-07-04 03:22:38 0 d-------- C:\Program Files\Hot CPU Tester Pro 4 LE
2008-07-03 02:59:58 0 d-------- C:\Documents and Settings\Owner\Application Data\Malwarebytes
2008-07-03 02:59:55 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Malwarebytes
2008-07-03 02:59:54 0 d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-07-03 00:52:59 0 d-------- C:\fsaua.data
2008-06-30 00:35:26 5220 --a------ C:\WINDOWS\system32\drivers\WBHWDOCT.SYS <Not Verified; Winbond Electronics Corp.; Winbond Hardware Doctor>
2008-06-30 00:35:25 0 d-------- C:\Program Files\Winbond
2008-06-30 00:35:09 299520 --a------ C:\WINDOWS\uninst.exe <Not Verified; InstallShield Corporation, Inc.; InstallShield unInstaller>
2008-06-30 00:19:38 0 d-------- C:\Program Files\VIA Technologies, Inc
2008-06-28 19:31:35 0 d-------- C:\Program Files\Common Files\xing shared
2008-06-28 19:31:15 0 d-------- C:\Program Files\Common Files\Real
2008-06-28 19:31:11 0 d-------- C:\Program Files\Real
2008-06-28 19:30:45 0 d-------- C:\Documents and Settings\Owner\Application Data\Real
2008-06-27 18:27:12 0 d-------- C:\Program Files\Rockstar Games
2008-06-26 16:50:40 0 d-------- C:\WINDOWS\Logs
2008-06-26 16:39:49 25992 --a------ C:\WINDOWS\system32\pgdfgsvc.exe <Not Verified; Sysinternals - www.sysinternals.com; Page File Defragmenter>
2008-06-25 19:48:54 0 d-------- C:\Program Files\directx
2008-06-25 18:58:36 182272 --a------ C:\WINDOWS\patchw32.dll
2008-06-25 17:21:16 4096 --a------ C:\WINDOWS\d3dx.dat
2008-06-25 15:48:34 0 d-------- C:\Program Files\Lionhead Studios Ltd
2008-06-25 14:52:33 0 d-------- C:\Documents and Settings\Owner\Application Data\dvdcss
2008-06-25 00:30:48 0 d-------- C:\Program Files\SpeedFan
2008-06-25 00:21:03 0 d-------- C:\Program Files\Yahoo!
2008-06-24 23:30:56 0 d-------- C:\Program Files\Motherboard Monitor 5
2008-06-16 22:53:23 0 d-------- C:\WINDOWS\Drivers
2008-06-16 22:53:22 0 d-------- C:\WINDOWS\Thomson.0000
2008-06-12 21:42:59 0 d-------- C:\Documents and Settings\Owner\Bluetooth Software
2008-06-12 12:17:36 0 d-------- C:\Program Files\Belkin
2008-06-12 12:09:27 67384 --a------ C:\WINDOWS\system32\drivers\btwusb.sys <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
2008-06-12 12:09:20 77824 -ra------ C:\WINDOWS\system32\btw_ci.dll <Not Verified; Broadcom Corporation.; Bluetooth Software 5.1.0.1700>
2008-06-10 12:14:56 0 d-------- C:\UT2004
2008-06-10 10:29:55 0 d-------- C:\Program Files\MagicISO
2008-06-09 23:00:41 0 dr-h----- C:\Documents and Settings\Administrator.BLERDS\Application Data
2008-06-09 23:00:41 0 d---s---- C:\Documents and Settings\Administrator.BLERDS\Application Data\Microsoft
2008-06-09 23:00:40 0 d--h----- C:\Documents and Settings\Administrator.BLERDS\Templates
2008-06-09 23:00:40 0 dr------- C:\Documents and Settings\Administrator.BLERDS\Start Menu
2008-06-09 23:00:40 0 dr-h----- C:\Documents and Settings\Administrator.BLERDS\SendTo
2008-06-09 23:00:40 0 d--h----- C:\Documents and Settings\Administrator.BLERDS\Recent
2008-06-09 23:00:40 0 d--h----- C:\Documents and Settings\Administrator.BLERDS\PrintHood
2008-06-09 23:00:40 524288 --ah----- C:\Documents and Settings\Administrator.BLERDS\NTUSER.DAT
2008-06-09 23:00:40 0 d--h----- C:\Documents and Settings\Administrator.BLERDS\NetHood
2008-06-09 23:00:40 0 d-------- C:\Documents and Settings\Administrator.BLERDS\My Documents
2008-06-09 23:00:40 0 d--h----- C:\Documents and Settings\Administrator.BLERDS\Local Settings
2008-06-09 23:00:40 0 d-------- C:\Documents and Settings\Administrator.BLERDS\Favorites
2008-06-09 23:00:40 0 d-------- C:\Documents and Settings\Administrator.BLERDS\Desktop
2008-06-09 23:00:40 0 d--hs---- C:\Documents and Settings\Administrator.BLERDS\Cookies
2008-06-07 23:54:33 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Kaspersky Lab
2008-06-07 23:54:25 0 d-------- C:\WINDOWS\system32\Kaspersky Lab
2008-06-07 23:38:16 262144 --a------ C:\Documents and Settings\All Users.WINDOWS\ntuser.dat
2008-06-07 23:28:49 0 d-------- C:\Documents and Settings\All Users.WINDOWS\Application Data\Avira


-- Find3M Report ---------------------------------------------------------------

2008-07-06 01:34:05 0 d-------- C:\Documents and Settings\Owner\Application Data\AVG7
2008-07-01 15:33:42 0 d-------- C:\Documents and Settings\Owner\Application Data\BitTorrent
2008-06-30 02:19:06 8 --a------ C:\WINDOWS\system32\nvModes.dat
2008-06-28 19:31:35 0 d-------- C:\Program Files\Common Files
2008-06-27 22:37:56 0 d-------- C:\Program Files\Outspark
2008-06-27 18:27:12 0 d--h----- C:\Program Files\InstallShield Installation Information
2008-06-18 18:13:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Adobe
2008-06-10 12:27:10 43520 --a------ C:\WINDOWS\system32\CmdLineExt03.dll
2008-06-05 23:24:17 0 d-------- C:\Program Files\BitTorrent
2008-06-04 16:28:08 0 d-------- C:\Documents and Settings\Owner\Application Data\Uniblue
2008-06-04 14:53:40 0 d-------- C:\Program Files\Futuremark
2008-06-03 21:16:51 0 d-------- C:\Program Files\S3
2008-06-02 23:39:01 2368 --a------ C:\WINDOWS\system32\STEC3.sys <Not Verified; AntiCracking; SVKP driver for NT>
2008-06-02 23:31:14 0 d-------- C:\Program Files\Common Files\Wise Installation Wizard
2008-06-01 09:19:36 0 d-------- C:\Program Files\Microsoft Works
2008-06-01 09:19:11 0 d-------- C:\Program Files\MSBuild
2008-05-31 15:43:06 0 d-------- C:\Program Files\Windows Media Connect 2
2008-05-30 03:38:26 0 d-------- C:\Program Files\Starbreeze Studios
2008-05-29 22:53:07 551 --a------ C:\WINDOWS\eReg.dat
2008-05-29 02:59:20 0 d-------- C:\Documents and Settings\Owner\Application Data\vlc
2008-05-29 02:53:21 0 d-------- C:\Program Files\VideoLAN
2008-05-29 02:31:26 0 d-------- C:\Program Files\NVIDIA Corporation
2008-05-29 02:29:44 0 d-------- C:\Program Files\NVIDIA nTune Performance Application
2008-05-28 22:12:00 0 d-------- C:\Program Files\THQ
2008-05-28 15:43:20 0 d-------- C:\Program Files\MadOnion.com
2008-05-28 00:54:17 0 d-------- C:\Program Files\QuickPerfMon
2008-05-28 00:23:23 552 --a------ C:\WINDOWS\system32\d3d8caps.dat
2008-05-27 01:06:50 0 d-------- C:\Program Files\Common Files\DirectX
2008-05-27 00:48:33 0 d-------- C:\Program Files\Common Files\Adobe
2008-05-26 12:30:50 0 d-------- C:\Documents and Settings\Owner\Application Data\JAM Software
2008-05-25 23:21:14 0 d-------- C:\Program Files\EPSON
2008-05-25 23:10:42 0 d-------- C:\Program Files\VIA
2008-05-25 22:56:46 0 d-------- C:\Program Files\Trend Micro
2008-05-25 21:17:38 0 d-------- C:\Program Files\Creative
2008-05-25 21:16:33 409600 --a------ C:\WINDOWS\system32\wrap_oal.dll <Not Verified; Creative Labs; Creative Labs OpenAL32>
2008-05-25 21:16:33 86016 --a------ C:\WINDOWS\system32\OpenAL32.dll <Not Verified; Portions © Creative Labs Inc. and NVIDIA Corp.; Standard OpenAL™ Library>
2008-05-25 00:53:31 0 d-------- C:\Program Files\MSN Messenger
2008-05-25 00:46:07 0 d-------- C:\Program Files\Messenger
2008-05-25 00:45:34 0 d-------- C:\Program Files\Movie Maker
2008-05-25 00:41:56 0 d-------- C:\Program Files\Windows NT
2008-05-24 14:17:27 0 d-------- C:\Documents and Settings\Owner\Application Data\Regrun
2008-05-24 14:16:45 0 d-------- C:\Program Files\Greatis
2008-05-24 13:46:18 1635 --a------ C:\WINDOWS\system32\qsrlh.exe
2008-05-24 13:46:18 1635 --a------ C:\WINDOWS\system32\hkrlupxq.exe
2008-05-24 12:59:10 0 d-------- C:\Program Files\Security Task Manager
2008-05-24 12:59:10 0 d-------- C:\Documents and Settings\Owner\Application Data\Help
2008-05-24 11:12:15 1635 --a------ C:\WINDOWS\system32\uvmqtetx.exe
2008-05-24 11:12:15 1635 --a------ C:\WINDOWS\system32\nkwiy.exe
2008-05-24 08:51:28 0 d-------- C:\Documents and Settings\Owner\Application Data\Virgin Broadband
2008-05-24 07:33:23 1635 --a------ C:\WINDOWS\system32\iblsf.exe
2008-05-24 07:33:23 1635 --a------ C:\WINDOWS\system32\agxpcdb.exe
2008-05-24 07:15:35 1635 --a------ C:\WINDOWS\system32\zqklogv.exe
2008-05-24 07:15:35 1635 --a------ C:\WINDOWS\system32\rmtnrc.exe
2008-05-24 07:12:11 1635 --a------ C:\WINDOWS\system32\zqbrxnu.exe
2008-05-24 07:12:11 1635 --a------ C:\WINDOWS\system32\wtolwvc.exe
2008-05-24 02:58:12 0 d-------- C:\Program Files\Lavasoft
2008-05-24 02:54:41 0 d-------- C:\Program Files\Croteam
2008-05-24 02:50:12 0 d-------- C:\Program Files\Alcohol Soft
2008-05-24 02:48:01 1635 --a------ C:\WINDOWS\system32\wjexmt.exe
2008-05-24 02:48:01 1635 --a------ C:\WINDOWS\system32\nsefdbr.exe
2008-05-24 02:16:29 0 d-------- C:\Documents and Settings\Owner\Application Data\Creative
2008-05-16 14:01:00 1630208 --a------ C:\WINDOWS\system32\nwiz.exe
2008-05-16 14:01:00 1019904 --a------ C:\WINDOWS\system32\nvwimg.dll
2008-05-16 14:01:00 1703936 --a------ C:\WINDOWS\system32\nvwdmcpl.dll
2008-05-16 14:01:00 466944 --a------ C:\WINDOWS\system32\nvshell.dll
2008-05-16 14:01:00 1486848 --a------ C:\WINDOWS\system32\nview.dll
2008-05-16 14:01:00 1339392 --a------ C:\WINDOWS\system32\nvdspsch.exe
2008-05-16 14:01:00 442368 --a------ C:\WINDOWS\system32\nvappbar.exe
2008-05-16 14:01:00 425984 --a------ C:\WINDOWS\system32\keystone.exe


-- Registry Dump ---------------------------------------------------------------

*Note* empty entries & legit default entries are not shown


[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{100EB1FD-D03E-47FD-81F3-EE91287F9465}]
06/02/2008 13:13 1173024 --a------ C:\Program Files\ShoppingReport\Bin\2.5.0\ShoppingReport.dll

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"CTHelper"="CTHELPER.EXE" [11/08/2006 14:56 C:\WINDOWS\CTHELPER.EXE]
"CTxfiHlp"="CTXFIHLP.EXE" [11/08/2006 14:56 C:\WINDOWS\system32\CTXFIHLP.EXE]
"VTTimer"="VTTimer.exe" []
"VTTrayp"="VTtrayp.exe" []
"Adobe Reader Speed Launcher"="C:\Program Files\Adobe\Reader 8.0\Reader\Reader_sl.exe" [11/01/2008 22:16]
"GrooveMonitor"="C:\Program Files\Microsoft Office\Office12\GrooveMonitor.exe" [27/10/2006 00:47]
"NvCplDaemon"="C:\WINDOWS\system32\NvCpl.dll" [16/05/2008 14:01]
"nwiz"="nwiz.exe" [16/05/2008 14:01 C:\WINDOWS\system32\nwiz.exe]
"NvMediaCenter"="C:\WINDOWS\system32\NvMcTray.dll" [16/05/2008 14:01]
"KernelFaultCheck"="C:\WINDOWS\system32\dumprep 0 -k" []

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [14/04/2008 01:12]
"EPSON Stylus D92 Series"="C:\WINDOWS\System32\spool\DRIVERS\W32X86\3\E_FATIBZE.exe" [27/09/2006 04:00]
"NVIDIA nTune"="C:\Program Files\NVIDIA Corporation\nTune\nTuneCmd.exe" []
"Uniblue RegistryBooster 2"="C:\Program Files\Uniblue\RegistryBooster 2\RegistryBooster.exe" []

C:\Documents and Settings\All Users.WINDOWS\Start Menu\Programs\Startup\
Bluetooth.lnk - C:\Program Files\Belkin\Bluetooth Software\BTTray.exe [6/7/2006 5:05:38 PM]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableRegistryTools"=0 (0x0)
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"HideLegacyLogonScripts"=0 (0x0)
"HideLogoffScripts"=0 (0x0)
"RunLogonScriptSync"=1 (0x1)
"RunStartupScriptSync"=0 (0x0)
"HideStartupScripts"=0 (0x0)
"DisableRegistryTools"=0 (0x0)

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
@=

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\dimsntfy]
C:\WINDOWS\System32\dimsntfy.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\aawservice]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\vds]
@="Service"

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\{533C5B84-EC70-11D2-9505-00C04F79DEAF}]
@="Volume shadow copy"

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
eapsvcs eaphost
dot3svc dot3svc

HKEY_LOCAL_MACHINE\Software\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
napagent
hkmsvc




-- End of Deckard's System Scanner: finished at 2008-07-07 22:35:44 ------------

#7 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Local time:07:05 PM

Posted 07 July 2008 - 05:18 PM

O23 - Service: WYRPINGQ - Unknown owner - C:\DOCUME~1\Owner\LOCALS~1\Temp\WYRPINGQ.exe (file missing)

This file appears to be from a malware removal util.

#8 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • Gender:Male
  • Local time:03:05 PM

Posted 09 July 2008 - 08:14 AM

Copy (Ctrl+C) and paste (Ctrl+V) the following text in the quote to Notepad. Save it as "All Files" and name it FixServices.bat. Please save it on your desktop.

@Echo off
rem Stop the orphaned service, then remove its registry entry (its binary is already gone).
sc stop WYRPINGQ
sc delete WYRPINGQ
rem Remove this batch file once the fix has run.
del FixServices.bat

Double click FixServices.bat. A window will open and close. This is normal.

Click on Kaspersky Online Scanner

You will be prompted to install an ActiveX component from Kaspersky, Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives
    Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Save the file to your desktop.
  • Copy and paste that information in your next post.

Renato Victor Mejias
Malware help in Portuguese
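As an added example (not code from this thread, nor from the HijackThis or DSS tools), here is a Python triage of HijackThis O23 service lines like the WYRPINGQ entry above: it parses the lines, flags services whose binary is reported missing, has no named owner, or sits in a Temp directory, and emits the sc stop / sc delete pair from the post only for orphaned entries. The sample log is constructed from lines quoted in this thread; the regular expression and the risk markers are my assumptions about the HijackThis output format, not part of the tool.

```python
import re
from dataclasses import dataclass
from typing import List, Optional, Tuple

# Constructed sample: the three O23 lines are copied from the DSS/HijackThis log
# posted in this thread; the O4 line is there to show non-service lines are skipped.
SAMPLE_LOG = """\
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft - C:\\Program Files\\Lavasoft\\Ad-Aware 2007\\aawservice.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\\WINDOWS\\system32\\nvsvc32.exe
O23 - Service: WYRPINGQ - Unknown owner - C:\\DOCUME~1\\Owner\\LOCALS~1\\Temp\\WYRPINGQ.exe (file missing)
O4 - HKLM\\..\\Run: [nwiz] nwiz.exe /install
"""

# Assumed O23 layout: "O23 - Service: <display> (<keyname>) - <owner> - <path> [(file missing)]"
O23_RE = re.compile(
    r"^O23 - Service: (?P<display>.+?)(?: \((?P<short>[^()]+)\))?"
    r" - (?P<owner>.+?) - (?P<path>.+?)(?P<missing> \(file missing\))?$"
)

# Path fragments (lower-cased) that mark a service binary living in a temp area.
TEMP_MARKERS = ("\\temp\\", "\\locals~1\\", "\\local settings\\")


@dataclass
class ServiceEntry:
    display: str
    short: Optional[str]
    owner: str
    path: str
    file_missing: bool

    @property
    def name(self) -> str:
        # HijackThis only prints "(keyname)" when it differs from the display
        # name, so a bare entry such as "WYRPINGQ" is also the registry key name.
        return self.short or self.display


def parse_o23(log_text: str) -> List[ServiceEntry]:
    """Return one ServiceEntry per O23 line; every other line is ignored."""
    entries = []
    for line in log_text.splitlines():
        m = O23_RE.match(line.strip())
        if not m:
            continue
        entries.append(ServiceEntry(
            display=m.group("display"),
            short=m.group("short"),
            owner=m.group("owner"),
            path=m.group("path"),
            file_missing=m.group("missing") is not None,
        ))
    return entries


def reasons_for(entry: ServiceEntry) -> List[str]:
    """Risk indicators for one service entry, in a fixed order."""
    reasons = []
    if entry.file_missing:
        reasons.append("file missing")       # orphaned registration
    if entry.owner.lower() == "unknown owner":
        reasons.append("unknown owner")      # no vendor/version info in the binary
    if any(marker in entry.path.lower() for marker in TEMP_MARKERS):
        reasons.append("temp path")          # legitimate services do not live in Temp
    return reasons


def triage(entries: List[ServiceEntry]) -> List[Tuple[ServiceEntry, List[str]]]:
    """Keep only entries that raised at least one indicator."""
    flagged = []
    for entry in entries:
        reasons = reasons_for(entry)
        if reasons:
            flagged.append((entry, reasons))
    return flagged


def fix_commands(flagged: List[Tuple[ServiceEntry, List[str]]]) -> List[str]:
    """Build the sc stop/delete pair only for orphaned entries (binary already gone);
    anything else is left for manual review rather than deleted blindly."""
    cmds = []
    for entry, reasons in flagged:
        if "file missing" in reasons:
            cmds += [f"sc stop {entry.name}", f"sc delete {entry.name}"]
    return cmds


if __name__ == "__main__":
    for entry, reasons in triage(parse_o23(SAMPLE_LOG)):
        print(f"{entry.name}: {', '.join(reasons)} -> {entry.path}")
    print("\n".join(fix_commands(triage(parse_o23(SAMPLE_LOG)))))
```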

#9 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Local time:07:05 PM

Posted 12 July 2008 - 03:37 PM

Here you go


Saturday, July 12, 2008
Operating System: Microsoft Windows XP Home Edition Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Friday, July 11, 2008 13:13:58
Records in database: 941844


Scan settings
Scan using the following database extended
Scan archives yes
Scan mail databases yes

Scan area My Computer
A:\
C:\
D:\
F:\
G:\
H:\
I:\
Z:\

Scan statistics
Files scanned 92234
Threat name 8
Infected objects 9
Suspicious objects 0
Duration of the scan 04:20:36

File name Threat name Threats count
C:\Documents and Settings\Owner\Local Settings\Application Data\Yahoo\Widget Engine\Unzipped\SpeedFan_Temperature_Monitor.widget\speedfan.widget\Contents\Resources\exe\speedread.exe Infected: Exploit.Win32.SQLexp.s 1

C:\Documents and Settings\Owner\My Documents\My Widgets\SpeedFan_Temperature_Monitor.widget Infected: Exploit.Win32.SQLexp.s 1

C:\Documents and Settings\Owner\My Documents\RegRun2\quarantine\LOGON.0XE Infected: Backdoor.Win32.Nepoe.ce 1

C:\QooBox\Quarantine\Registry_backups\Legacy_SROSA.reg.dat Infected: Trojan-Downloader.Win32.Bagle.hp 1

C:\steves downloads\games\the Sims\[PC GAMES] - The Sims 3 - ADULTS Only (Many Sex Items & Skins) NOT FOR KIDS.zip Infected: Backdoor.Win32.NetDevil.11.b 1

C:\steves downloads\utils\peer to peers\emule_speed_booster.exe Infected: not-a-virus:AdWare.Win32.Quick.a 1

C:\steves downloads\utils\peer to peers\emule_speed_booster.exe Infected: not-a-virus:AdWare.Win32.NewDotNet 1

C:\steves downloads\utils\peer to peers\mirc631.exe Infected: not-a-virus:Client-IRC.Win32.mIRC.631 1

C:\steves downloads\zips\Ghost Keylogger V3.40.zip Infected: Trojan-Spy.Win32.GhostKeyLogger.a 1

The selected area was scanned.

#10 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • Gender:Male
  • Local time:03:05 PM

Posted 14 July 2008 - 07:50 PM

Follow these steps to uninstall Combofix and tools used in the removal of malware
  • Click START then RUN
  • Now type Combofix /u in the runbox and click OK. Note the space between the X and the U, it needs to be there.
Kaspersky listed some programs that you have downloaded, so it's your decision to keep them or not.

Your computer is clean, any other problem?
Renato Victor Mejias
Malware help in Portuguese

#11 Blerdus

Blerdus
  • Topic Starter

  • Members
  • 47 posts
  • Gender:Male
  • Local time:07:05 PM

Posted 15 July 2008 - 04:00 AM

No, not really. Apart from it keeps crashing and a longish boot.
Thanks for your time.
Steve

#12 RenatoMejias

RenatoMejias

  • Malware Response Team
  • 913 posts
  • Gender:Male
  • Local time:03:05 PM

Posted 15 July 2008 - 08:50 PM

This thread will now be closed.
If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you.
Include the address of this thread in your request.
If you should have a new issue, please start a new topic.
This applies only to the original topic starter.
Everyone else please begin a New Topic.
Renato Victor Mejias
Malware help in Portuguese
