Pc Hijacked With Fake Windows Security Alert


This topic is locked. 14 replies to this topic.

#1 croooow


Posted 08 September 2008 - 02:24 PM

Hello,

I have been getting pop ups like this:

[screenshot of the pop-up]

stating "trojan-spy.win32.greenscreen", "trojan-spy.html.bankfraud.dq" or "trojan-downloader.win32.agent.bq"

Thanks in advance. Here is a fresh Hijackthis log:


Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 15:15:54, on 9/8/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\System32\SCardSvr.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\alg.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\Explorer.EXE
C:\Documents and Settings\All Users\Application Data\tktcnonm\dklirajk.exe
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\Windows Defender\MSASCui.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\WINDOWS\system32\taskswitch.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\WINDOWS\system32\zwbulalw.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\ping.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgttry.exe
C:\WINDOWS\system32\SNDVOL32.EXE
C:\WINDOWS\system32\wuauclt.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\Spyware\HijackThis.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [Windows Defender] "C:\Program Files\Windows Defender\MSASCui.exe" -hide
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msgapp] C:\WINDOWS\system32\zwbulalw.exe
O4 - HKLM\..\Policies\Explorer\Run: [zzmPj5DiQn] C:\Documents and Settings\All Users\Application Data\tktcnonm\dklirajk.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: google.cmd
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C89E27C-DD69-44BB-A32E-4D093E859FB2} (strprint.trprints) - https://mcp.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/MC/ENU/VS40/bin/m...60504175614.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O21 - SSODL: WebSetSrv - {220681A9-1A85-8DA6-D5CA-06077B4B522E} - C:\Program Files\nwgpxjb\WebSetSrv.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

--
End of file - 10684 bytes


Edited by croooow, 08 September 2008 - 02:28 PM.
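The triage a helper does on a log like the one above is mostly mechanical: pull the image path out of each autostart line and ask where it lives, which hive key launched it, and whether the value name bears any relation to the binary. The script below, an added example written for this page and not part of the thread or of HijackThis itself, parses O4, O21 and O23 lines and applies a handful of heuristics: executables launched from user-writable data directories, entries under Policies\Explorer\Run, ShellServiceObjectDelayLoad DLLs outside the Windows directory, system32 images whose run-key name shares nothing with the file name, machine-generated-looking value names, and script files sitting in a Startup folder. The sample lines are copied from the log posted above (with a few benign entries kept for contrast); the heuristics and their thresholds are the editor's assumptions, and a hit means "look at this", not "this is malware".

```python
"""Triage of HijackThis autostart lines (O4 registry/startup, O21 SSODL, O23 services)."""
import re
from dataclasses import dataclass, field

# Constructed sample: lines copied from the HijackThis log posted above,
# with a few benign entries left in for contrast.
SAMPLE_LOG = r"""
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [CoolSwitch] C:\WINDOWS\system32\taskswitch.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [msgapp] C:\WINDOWS\system32\zwbulalw.exe
O4 - HKLM\..\Policies\Explorer\Run: [zzmPj5DiQn] C:\Documents and Settings\All Users\Application Data\tktcnonm\dklirajk.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - Startup: google.cmd
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O21 - SSODL: WebSetSrv - {220681A9-1A85-8DA6-D5CA-06077B4B522E} - C:\Program Files\nwgpxjb\WebSetSrv.dll
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""


@dataclass
class Entry:
    kind: str       # "O4", "O21" or "O23"
    location: str   # registry key path, "Startup"/"Global Startup", "SSODL" or "Service"
    name: str       # run-key value name, startup file name, SSODL name or service name
    image: str      # image path extracted from the command line ("" if none)
    reasons: list = field(default_factory=list)


_O4_REG = re.compile(r'^O4 - (HK[^:]*): \[([^\]]+)\] (.*)$')
_O4_STARTUP = re.compile(r'^O4 - (Startup|Global Startup): (.*)$')
_O21 = re.compile(r'^O21 - SSODL: (\S+) - \{[^}]+\} - (.*)$')
_O23 = re.compile(r'^O23 - Service: (.+?) - (.+?) - (.*)$')
# "quoted path" | unquoted drive/%VAR% path that may contain spaces | bare token
_IMAGE = re.compile(
    r'^(?:"(?P<q>[^"]+)"'
    r'|(?P<p>(?:[A-Za-z]:|%\w+%)\\.*?\.(?:exe|dll|com|cmd|bat|vbs|js|scr))(?=\s|$)'
    r'|(?P<b>\S+))', re.I)

# Editor's assumption: directories an unprivileged user (or a dropper) can write to.
USER_WRITABLE = ("\\application data\\", "\\documents and settings\\", "\\temp\\")
SCRIPT_EXT = (".cmd", ".bat", ".vbs", ".js")


def image_path(command: str) -> str:
    """Return the executable/DLL path at the start of a command line, without arguments."""
    m = _IMAGE.match(command.strip())
    return (m.group("q") or m.group("p") or m.group("b")) if m else ""


def parse(log: str) -> list:
    """Turn the O4/O21/O23 lines of a HijackThis log into Entry objects."""
    entries = []
    for line in log.splitlines():
        line = line.strip()
        if m := _O4_REG.match(line):
            entries.append(Entry("O4", m.group(1), m.group(2), image_path(m.group(3))))
        elif m := _O4_STARTUP.match(line):
            name, _, cmd = m.group(2).partition(" = ")   # "file.lnk = target" or bare file
            entries.append(Entry("O4", m.group(1), name, image_path(cmd) if cmd else name))
        elif m := _O21.match(line):
            entries.append(Entry("O21", "SSODL", m.group(1), m.group(2).strip()))
        elif m := _O23.match(line):
            entries.append(Entry("O23", "Service", m.group(1), image_path(m.group(3))))
    return entries


def shares_token(name: str, stem: str) -> bool:
    """True if any 4-character window of the value name occurs in the image's file stem."""
    n, s = name.lower(), stem.lower()
    return any(n[i:i + 4] in s for i in range(max(1, len(n) - 3)))


def assess(e: Entry) -> Entry:
    """Attach review reasons to an entry; an empty list means nothing stood out."""
    img = e.image.lower()
    stem = img.rsplit("\\", 1)[-1].rsplit(".", 1)[0]
    if any(d in img for d in USER_WRITABLE):
        e.reasons.append("image runs from a user-writable data directory")
    if "policies\\explorer\\run" in e.location.lower():
        e.reasons.append("Policies\\Explorer\\Run autostart, rarely used by legitimate software")
    if e.kind == "O21" and not img.startswith("c:\\windows\\"):
        e.reasons.append("ShellServiceObjectDelayLoad DLL outside the Windows directory")
    if e.kind == "O4" and img.startswith("c:\\windows\\system32\\") and not shares_token(e.name, stem):
        e.reasons.append("value name unrelated to a system32 image name (verify publisher/hash)")
    if re.search(r"[A-Za-z]\d[A-Za-z]", e.name) and " " not in e.name:
        e.reasons.append("value name looks machine-generated (letters mixed with digits)")
    if e.location in ("Startup", "Global Startup") and img.endswith(SCRIPT_EXT):
        e.reasons.append("script file in a Startup folder; read its contents")
    return e


def triage(log: str) -> list:
    """Entries from the log that earned at least one review reason."""
    return [e for e in map(assess, parse(log)) if e.reasons]


if __name__ == "__main__":
    for e in triage(SAMPLE_LOG):
        print(f"{e.kind} [{e.name}] {e.image}")
        for r in e.reasons:
            print("   -", r)
```

Run against the sample, the script flags the Policies\Explorer\Run entry, the msgapp value, the WebSetSrv SSODL DLL and google.cmd, and leaves the Java, Logitech, ctfmon and Bonjour lines alone. CoolSwitch passes the name check because "switch" appears in both the value name and taskswitch.exe, which is exactly the kind of entry the heuristics cannot settle on their own; the verdict still needs the binary's publisher or hash.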



#2 steamwiz


Posted 08 September 2008 - 04:01 PM

Hi

Please run a Kaspersky Online Scan

Please do an online scan with Kaspersky WebScanner

Click on Kaspersky Online Scanner

Click Accept

You will be prompted to install an ActiveX component from Kaspersky.
Click Yes.
  • The program will launch and then begin downloading the latest definition files:
  • Once the files have been downloaded click on NEXT
  • Now click on Scan Settings
  • In the scan settings make sure that the following are selected:
    • Scan using the following Anti-Virus database:
    Extended (if available otherwise Standard)
    • Scan Options:
    Scan Archives; Scan Mail Bases
  • Click OK
  • Now under select a target to scan: Select My Computer
  • The program will start and scan your system.
  • The scan will take a while so be patient and let it run.
  • Once the scan is complete it will display if your system has been infected.
    • Now click on the Save as Text button:
  • Once finished, save the log to your Desktop as filename KAV.txt
THEN ...

Please Download Malwarebytes' Anti-Malware from Here :-

http://www.majorgeeks.com/Malwarebytes_Ant...ware_d5756.html

or here :-

http://www.besttechie.net/tools/mbam-setup.exe

Double Click mbam-setup.exe to install the application.

* Make sure a checkmark is placed next to Update Malwarebytes' Anti-Malware and Launch Malwarebytes' Anti-Malware, then click Finish.
* If an update is found, it will download and install the latest version.
* Once the program has loaded, select "Perform Quick Scan", then click Scan.
* The scan may take some time to finish,so please be patient.
* When the scan is complete, click OK, then Show Results to view the results.
* Make sure that everything is checked, and click Remove Selected.
* When disinfection is completed, a log will open in Notepad and you may be prompted to Restart.
* The log is automatically saved by MBAM and can be viewed by clicking the Logs tab in MBAM.
* Copy and Paste the entire report in your next reply.

THEN ...

Please follow these directions to run Combofix & post a log.

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware.

#3 croooow


Posted 09 September 2008 - 09:31 AM

Thank you very much. The Kaspersky Online Scan is running now; Malwarebytes' Anti-Malware just finished and I restarted per its prompting.

I will post the Combofix log once I'm able to get through it.

Here is the MBAM log:

Malwarebytes' Anti-Malware 1.27
Database version: 1131
Windows 5.1.2600 Service Pack 3

9/9/2008 10:32:49 AM
mbam-log-2008-09-09 (10-32-49).txt

Scan type: Quick Scan
Objects scanned: 73644
Time elapsed: 21 minute(s), 8 second(s)

Memory Processes Infected: 1
Memory Modules Infected: 0
Registry Keys Infected: 6
Registry Values Infected: 5
Registry Data Items Infected: 0
Folders Infected: 3
Files Infected: 45

Memory Processes Infected:
C:\Documents and Settings\All Users\Application Data\tktcnonm\dklirajk.exe (Trojan.FakeAlert.H) -> Unloaded process successfully.

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_CLASSES_ROOT\CLSID\{220681a9-1a85-8da6-d5ca-06077b4b522e} (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Winlogon\Notify\logons (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\typelib (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\iTunesMusic (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SYSTEM\currentcontrolset\Services\rdriv (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\affltid (Malware.Trace) -> Quarantined and deleted successfully.

Registry Values Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\websetsrv (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\msgapp (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\coolswitch (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Policies\Explorer\Run\zzmpj5diqn (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\SystemCheck2 (Trojan.Agent) -> Quarantined and deleted successfully.

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
C:\Program Files\nwgpxjb (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\tktcnonm (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp (Fake.Dropped.Malware) -> Quarantined and deleted successfully.

Files Infected:
C:\Program Files\nwgpxjb\WebSetSrv.dll (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\zwbulalw.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\WINDOWS\system32\taskswitch.exe (Trojan.FakeAlert.H) -> Delete on reboot.
C:\Documents and Settings\All Users\Application Data\tktcnonm\dklirajk.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\smp\msrc.exe (Fake.Dropped.Malware) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mcrh.tmp (Malware.Trace) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\akttzn.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\anticipator.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\awtoolb.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bdn.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\bsva-egihsg52.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\dpcproxy.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hoproxy.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\hxiwlgpm.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msgp.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msnbho.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mssecu.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\msvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mtr2.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\mwin32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\netode.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\newsd32.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ps1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psof1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\psoft1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regc64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\regm64.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\Rundl1.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sncntr.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssurf022.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.com (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\ssvchost.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\sysreq.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.dat (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\taack.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\temp#01.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\thun32.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\VBIEWER.OCX (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vcatchpi.dll (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winlogonpc.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\winsystem.exe (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\WINWGPX.EXE (Trojan.Agent) -> Quarantined and deleted successfully.
C:\WINDOWS\system32\vbsys2.dll (Trojan.Clicker) -> Quarantined and deleted successfully.


Edited by croooow, 09 September 2008 - 10:40 AM.


#4 steamwiz


Posted 09 September 2008 - 04:13 PM

Hi

I await your Combofix log, & the KASPERSKY log if possible (I know it can take a long time... several hours).


#5 croooow


Posted 10 September 2008 - 03:00 PM

Sorry I'm taking so long:

The popups have stopped since I completed the Malwarebytes' Anti-Malware scan, so I am a happy camper.

I have not had a chance to do the Combofix yet (I plan on doing it tonight), Also I had to stop the Kaspersky Online Scanner since it was slowing my PC while I was at work and had to get a couple things done. I will redo it but here is the log from the first time I did it before MBAM:


--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7 REPORT
Tuesday, September 9, 2008
Operating System: Microsoft Windows XP Professional Service Pack 3 (build 2600)
Kaspersky Online Scanner 7 version: 7.0.25.0
Program database last update: Tuesday, September 09, 2008 13:08:21
Records in database: 1203438
--------------------------------------------------------------------------------

Scan settings:
Scan using the following database: extended
Scan archives: yes
Scan mail databases: yes

Scan area - My Computer:
C:\
D:\
F:\
X:\

Scan statistics:
Files scanned: 21251
Threat name: 2
Infected objects: 2
Suspicious objects: 0
Duration of the scan: 00:45:48


File name / Threat name / Threats count
C:\WINDOWS\system32\zwbulalw.exe/C:\WINDOWS\system32\zwbulalw.exe Infected: Trojan.Win32.Obfuscated.gx 1
C:\Documents and Settings\Nick\Local Settings\Application Data\Microsoft\Outlook\Outlook.pst Infected: Trojan-Spy.HTML.Bayfraud.ln 1

The scan was stopped by the user.


Edited by croooow, 10 September 2008 - 03:50 PM.


#6 steamwiz


Posted 10 September 2008 - 03:31 PM

Hi

The first one :- C:\WINDOWS\system32\zwbulalw.exe

was deleted by Malwarebytes' Anti-Malware.

The second refers to a file which is most probably in your Outlook inbox (it will need further investigation...).

Trojan-Spy.HTML.Bayfraud.hn (Kaspersky Lab) is also known as: Phish-BankFraud.eml.a (McAfee), Trojan.Bankfraud (Doctor Web), HTML.Phishing.Bank-1 (ClamAV), HTML/Phishing.gen (Eset)

have a look here :-

http://www.viruslist.com/en/viruses/encycl...a?virusid=96581

If you've seen this e-mail or something similar in your inbox ... delete it ... DON'T click on any link it contains ... it's phishing


#7 croooow


Posted 10 September 2008 - 03:52 PM

I haven't seen one like that in a while, but I have never clicked on any of the links (usually eBay or paypal.com)

I'm running Kaspersky now and it's still at 0% (1119 files scanned, 0 threats, 0 infected, and 0 suspicious) after 28 minutes.

Edited by croooow, 10 September 2008 - 03:54 PM.


#8 steamwiz


Posted 10 September 2008 - 04:08 PM

Hi

It is a deep scan & it is not uncommon for it to take up to 10 hours; I had one the other week that took 26 hours (I was surprised they let it complete). If you think it is going to take longer than you want to spend on a scan, by all means abort it & concentrate on the Combofix scan.


#9 croooow


Posted 11 September 2008 - 08:17 AM

Hello. Here is the ComboFix log; I wasn't able to do it until this morning. I tried posting it but got this message: "Sorry, your post was too long, please reduce it", so here is a link to the .txt file.

Again, thanks for your help!

Edited by croooow, 11 September 2008 - 01:09 PM.


#10 steamwiz


Posted 11 September 2008 - 03:19 PM

Hi

The Combofix log was exceptionally large due to an abnormally large snapshot section, which showed no malware.

Are you running the KASPERSKY ONLINE SCAN ?

Please run a new Malwarebytes' Anti-Malware scan & post the new log

Also post a new hijackthis log please ...


#11 croooow


Posted 12 September 2008 - 10:46 AM

Since you said to abort Kaspersky Online Scan I skipped to the Combofix.

Here is the new MBAM log:


Malwarebytes' Anti-Malware 1.28
Database version: 1142
Windows 5.1.2600 Service Pack 3

9/12/2008 11:39:49 AM
mbam-log-2008-09-12 (11-39-49).txt

Scan type: Full Scan (C:\|)
Objects scanned: 148511
Time elapsed: 1 hour(s), 35 minute(s), 16 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)


And the new HijackThis log:

Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 11:44:56 AM, on 9/12/2008
Platform: Windows XP SP3 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.6000.16705)
Boot mode: Normal

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\Program Files\Windows Defender\MsMpEng.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\Microsoft SQL Server\MSSQL$MICROSOFTSMLBIZ\Binn\sqlservr.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe
C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtTry.exe
C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe
C:\Program Files\Apoint\Apoint.exe
C:\Program Files\Dell\QuickSet\Quickset.exe
C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe
C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe
C:\WINDOWS\System32\svchost.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Logitech\SetPoint\SetPoint.exe
C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
C:\Program Files\Apoint\HidFind.exe
C:\Program Files\Apoint\Apntex.exe
C:\Program Files\Common Files\Logishrd\KHAL2\KHALMNPR.EXE
C:\Program Files\iPod\bin\iPodService.exe
C:\Program Files\Common Files\Teleca Shared\Generic.exe
C:\Program Files\Sony Ericsson\Mobile2\Mobile Phone Monitor\epmworker.exe
C:\Program Files\Mozilla Firefox\firefox.exe
C:\WINDOWS\system32\wuauclt.exe
C:\Spyware\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = www.google.com/
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://go.microsoft.com/fwlink/?LinkId=69157
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://go.microsoft.com/fwlink/?LinkId=74005
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
O2 - BHO: (no name) - {02478D38-C3F9-4efb-9B51-7695ECA05670} - (no file)
O2 - BHO: Adobe PDF Reader Link Helper - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Common Files\Adobe\Acrobat\ActiveX\AcroIEHelper.dll
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O2 - BHO: Adobe PDF Conversion Toolbar Helper - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O3 - Toolbar: Adobe PDF - {47833539-D0C5-4125-9FA8-0819E2EAAC93} - C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [SunJavaUpdateSched] "C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe"
O4 - HKLM\..\Run: [MVS Splash] "C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe"
O4 - HKLM\..\Run: [McAfee Managed Services Tray] "C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe"
O4 - HKLM\..\Run: [IMJPMIG8.1] "C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" /Spoil /RemAdvDef /Migration32
O4 - HKLM\..\Run: [IMEKRMIG6.1] C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE
O4 - HKLM\..\Run: [MSPY2002] C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe /SYNC
O4 - HKLM\..\Run: [PHIME2002ASync] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /SYNC
O4 - HKLM\..\Run: [PHIME2002A] C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE /IMEName
O4 - HKLM\..\Run: [Acrobat Assistant 8.0] "C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe"
O4 - HKLM\..\Run: [Logitech Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [Apoint] C:\Program Files\Apoint\Apoint.exe
O4 - HKLM\..\Run: [Dell QuickSet] C:\Program Files\Dell\QuickSet\Quickset.exe
O4 - HKLM\..\Run: [Sony Ericsson PC Suite] "C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" /startoptions
O4 - HKLM\..\Run: [Kernel and Hardware Abstraction Layer] KHALMNPR.EXE
O4 - HKLM\..\Run: [SigmatelSysTrayApp] %ProgramFiles%\SigmaTel\C-Major Audio\WDM\stsystra.exe
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKUS\S-1-5-18\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'SYSTEM')
O4 - HKUS\.DEFAULT\..\Run: [DWQueuedReporting] "c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" -t (User 'Default user')
O4 - Startup: google.cmd
O4 - Global Startup: Logitech SetPoint.lnk = C:\Program Files\Logitech\SetPoint\SetPoint.exe
O8 - Extra context menu item: Append to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert link target to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert link target to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert selected links to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
O8 - Extra context menu item: Convert selected links to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
O8 - Extra context menu item: Convert selection to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: Convert selection to existing PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
O8 - Extra context menu item: Convert to Adobe PDF - res://C:\Program Files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~2\OFFICE11\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_07\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~2\OFFICE11\REFIEBAR.DLL
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O16 - DPF: {0C89E27C-DD69-44BB-A32E-4D093E859FB2} (strprint.trprints) - https://mcp.microsoft.com/mcp/tools/MCPTranscriptPrint.CAB
O16 - DPF: {30528230-99f7-4bb4-88d8-fa1d4f56a2ab} (YInstStarter Class) - C:\Program Files\Yahoo!\Common\yinsthelper.dll
O16 - DPF: {40C83AF8-FEA7-4A6A-A470-431EE84A0886} (SecureObjectFactory Class) - http://vs.mcafeeasap.com/MC/ENU/VS40/bin/m...60504175614.cab
O16 - DPF: {9732FB42-C321-11D1-836F-00A0C993F125} (mhLabel Class) - http://www.pcpitstop.com/mhLbl.cab
O16 - DPF: {A90A5822-F108-45AD-8482-9BC8B12DD539} (Crucial cpcScan) - http://www.crucial.com/controls/cpcScanner.cab
O16 - DPF: {FFBB3F3B-0A5A-4106-BE53-DFE1E2340CB1} (DownloadManager Control) - http://dlm.tools.akamai.com/dlmanager/vers...vex-2.2.1.6.cab
O23 - Service: Adobe LM Service - Unknown owner - C:\Program Files\Common Files\Adobe Systems Shared\Service\Adobelmsvc.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: EngineServer - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe
O23 - Service: FLEXnet Licensing Service - Macrovision Europe Ltd. - C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Logitech Bluetooth Service (LBTServ) - Logitech, Inc. - C:\Program Files\Common Files\Logishrd\Bluetooth\LBTServ.exe
O23 - Service: McShield - McAfee, Inc. - C:\PROGRA~1\McAfee\MANAGE~1\VScan\McShield.exe
O23 - Service: McAfee Virus and Spyware Protection Service (myAgtSvc) - McAfee, Inc. - C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe
O23 - Service: NICCONFIGSVC - Dell Inc. - C:\Program Files\Dell\QuickSet\NICCONFIGSVC.exe
O23 - Service: Pml Driver HPZ12 - HP - C:\WINDOWS\SYSTEM32\SPOOL\DRIVERS\W32X86\3\HPZipm12.exe

--
End of file - 9639 bytes



#12 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:03:28 PM

Posted 12 September 2008 - 11:57 AM

Hi

Looking good :thumbsup:

Please download CCleaner from :-

http://www.filehippo.com/download_ccleaner/ (click the download tab)

During the installation be sure to UN-check the box for "Ccleaner Yahoo Toolbar" unless you want it.

Double-click the ccsetup.exe file and install the program...

After installing, go to Start > programs > CCleaner > Options > Advanced > UNCHECK "Only delete files in Windows Temp folder older than 48 hours"

Make sure the "windows" tab is selected

Under "internet explorer" tick...

Temporary internet files
Cookies* > see Note below
History
Recently typed URLs
(leave this unticked if you DON'T want to clear the drop down list in the address window of IE)
Delete index.dat files
Last download location
Autocomplete form history


under "Windows explorer" these are optional, but you can safely tick them all if you wish, they are only "most recently used lists"

Other Explorer MRUs
(leave this unticked if you DON'T want to clear lists such as the start\run list)

under "System"

Tick ALL these ...


under "Advanced"

no need to tick any of these (but you can if you want, and realise what they do)


Applications tab...

These will mostly clean out old log files for these applications...

Clean:- (if you use them)

Firefox/Mozilla (optional - leave the cookies - see note)
Opera
Sun Java
ZoneAlarm

...
Personally I clean everything in the applications tab... but you tick what you want...

Note: *If there are any cookies you want to keep (if you remove the cookie for a site you require a password for, you will need to re-enter your password when you next visit that site) ... click options > cookies > then keep the cookies you want.

click "analyse" if you want to see a list of what is going to be removed, before it is removed.

Or

click "run cleaner" to let it get on with its work... clicking this will result in the following pop-up

"This process will permanently delete files from your system. Are you sure you wish to proceed?"

click OK.

-
Then please run Combofix again & post the log (it shouldn't be so big this time, so you should be able to paste it OK)

& if you have time, go ahead with the KASPERSKY ONLINE SCANNER (if you intend to abandon this completely, please let me know)

How's the computer running now ?

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#13 croooow

croooow
  • Topic Starter

  • Members
  • 17 posts
  • Local time:11:28 AM

Posted 12 September 2008 - 01:16 PM

The PC is running great. I'm really sorry about the Kaspersky Online Scan; I just have too much work to do to have it run that slowly for that long. I may try to run it overnight.

CCleaner has run and here is a new ComboFix log:


ComboFix 08-09-11.02 - Nick 2008-09-12 14:07:14.3 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.529 [GMT -4:00]
Running from: C:\Spyware\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((( Files Created from 2008-08-12 to 2008-09-12 )))))))))))))))))))))))))))))))
.

2008-09-12 09:55 . 2008-09-12 09:57 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-12 09:55 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\system32\drivers\mbamswissarmy.sys
2008-09-12 09:55 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\system32\drivers\mbam.sys
2008-09-12 07:19 . 2008-09-12 07:19 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Smith Micro
2008-09-12 06:52 . 2008-04-14 00:15 17,152 --a------ C:\WINDOWS\system32\drivers\usbohci.sys
2008-09-12 06:52 . 2008-04-14 00:15 17,152 --a------ C:\WINDOWS\system32\dllcache\usbohci.sys
2008-09-12 06:32 . 2008-09-12 06:32 <DIR> d-------- C:\Program Files\PANTECH
2008-09-12 06:32 . 2006-11-01 18:21 319,456 --a------ C:\WINDOWS\system32\DIFxAPI.dll
2008-09-12 06:32 . 2007-03-18 11:53 65,536 --a------ C:\WINDOWS\system32\pxfhwmcp.dll
2008-09-12 06:32 . 2007-04-30 20:30 58,240 --a------ C:\WINDOWS\system32\drivers\PTDCWWAN.sys
2008-09-12 06:32 . 2007-04-01 06:45 41,728 --a------ C:\WINDOWS\system32\drivers\PTDCMdm.sys
2008-09-12 06:32 . 2007-04-01 06:45 39,808 --a------ C:\WINDOWS\system32\drivers\PTDCVsp.sys
2008-09-12 06:32 . 2007-04-01 06:45 27,520 --a------ C:\WINDOWS\system32\drivers\PTDCBus.sys
2008-09-12 06:32 . 2007-01-11 04:30 14,336 --a------ C:\WINDOWS\system32\PTDCCID.dll
2008-09-12 06:31 . 2008-09-12 06:31 <DIR> d-------- C:\Program Files\Verizon Wireless
2008-09-09 16:15 . 2008-09-09 16:16 <DIR> d-------- C:\Program Files\iTunes
2008-09-09 16:15 . 2008-09-09 16:16 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-09 16:13 . 2008-09-09 16:13 <DIR> d-------- C:\Program Files\Bonjour
2008-09-09 10:09 . 2008-09-09 10:09 <DIR> d-------- C:\Documents and Settings\Nick\Application Data\Malwarebytes
2008-09-09 10:09 . 2008-09-09 10:09 <DIR> d-------- C:\Documents and Settings\All Users\Application Data\Malwarebytes
2008-09-08 15:35 . 2008-09-08 15:35 <DIR> d-------- C:\Program Files\TeaTimer (Spybot - Search & Destroy)
2008-09-08 15:14 . 2007-09-06 00:22 289,144 --a------ C:\WINDOWS\system32\VCCLSID.exe
2008-09-08 15:14 . 2006-04-27 17:49 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2008-09-08 15:14 . 2008-09-02 23:58 88,576 --a------ C:\WINDOWS\system32\AntiXPVSTFix.exe
2008-09-08 15:14 . 2008-09-02 16:51 86,528 --a------ C:\WINDOWS\system32\VACFix.exe
2008-09-08 15:14 . 2008-05-18 21:40 82,944 --a------ C:\WINDOWS\system32\IEDFix.exe
2008-09-08 15:14 . 2008-08-28 22:36 82,432 --a------ C:\WINDOWS\system32\IEDFix.C.exe
2008-09-08 15:14 . 2008-08-18 12:19 82,432 --a------ C:\WINDOWS\system32\404Fix.exe
2008-09-08 15:14 . 2004-07-31 18:50 51,200 --a------ C:\WINDOWS\system32\dumphive.exe
2008-09-08 15:14 . 2007-10-04 00:36 25,600 --a------ C:\WINDOWS\system32\WS2Fix.exe
2008-09-08 14:22 . 2008-09-08 16:42 <DIR> d-------- C:\Program Files\Enigma Software Group
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\system32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\system32\QuickTime.qts
2008-08-29 12:17 . 2008-08-29 12:18 <DIR> d-------- C:\Program Files\Safari
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\system32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\system32\dnssd.dll
2008-08-13 19:01 . 2008-05-01 10:33 331,776 --------- C:\WINDOWS\system32\dllcache\msadce.dll
2008-08-13 18:47 . 2008-04-11 15:04 691,712 --------- C:\WINDOWS\system32\dllcache\inetcomm.dll

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-12 18:06 --------- d-----w C:\Documents and Settings\Nick\Application Data\Azureus
2008-09-10 21:04 --------- d-----w C:\Program Files\Spybot - Search & Destroy
2008-09-10 13:56 --------- d-----w C:\Documents and Settings\All Users\Application Data\Spybot - Search & Destroy
2008-09-10 10:18 --------- d-----w C:\Documents and Settings\Nick\Application Data\Apple Computer
2008-09-09 20:15 --------- d-----w C:\Program Files\iPod
2008-09-09 20:12 --------- d-----w C:\Program Files\QuickTime
2008-09-09 20:11 --------- d-----w C:\Program Files\Common Files\Apple
2008-09-08 14:39 --------- d-----w C:\Program Files\Lavasoft
2008-09-08 14:33 --------- d-----w C:\Documents and Settings\All Users\Application Data\Lavasoft
2008-09-05 13:07 --------- d-----w C:\Documents and Settings\All Users\Application Data\DVD Shrink
2008-08-26 17:14 --------- d-----w C:\Program Files\Common Files\AOL
2008-08-26 17:14 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL
2008-08-22 12:44 --------- d-----w C:\Documents and Settings\All Users\Application Data\FLEXnet
2008-08-08 10:50 --------- d-----w C:\Program Files\Apple Software Update
2008-08-07 22:25 --------- d-----w C:\Program Files\DivX
2008-07-25 08:36 524,288 ----a-w C:\WINDOWS\system32\DivXsm.exe
2008-07-23 16:50 3,596,288 ----a-w C:\WINDOWS\system32\qt-dx331.dll
2008-07-23 16:48 200,704 ----a-w C:\WINDOWS\system32\ssldivx.dll
2008-07-23 16:48 1,044,480 ----a-w C:\WINDOWS\system32\libdivx.dll
2008-07-23 16:46 12,288 ----a-w C:\WINDOWS\system32\DivXWMPExtType.dll
2008-07-21 18:32 --------- d-----w C:\Documents and Settings\Nick\Application Data\Logitech
2008-07-21 18:30 --------- d--h--w C:\Program Files\InstallShield Installation Information
2008-07-21 18:30 --------- d-----w C:\Program Files\Logitech
2008-07-21 18:30 --------- d-----w C:\Program Files\Common Files\Logishrd
2008-07-21 18:30 --------- d-----w C:\Documents and Settings\All Users\Application Data\Logitech
2008-07-21 18:29 --------- d-----w C:\Documents and Settings\Nick\Application Data\InstallShield
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\dllcache\cdm.dll
2008-07-19 02:10 94,920 ----a-w C:\WINDOWS\system32\cdm.dll
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\wuauclt.exe
2008-07-19 02:10 53,448 ----a-w C:\WINDOWS\system32\dllcache\wuauclt.exe
2008-07-19 02:10 45,768 ----a-w C:\WINDOWS\system32\wups2.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\wups.dll
2008-07-19 02:10 36,552 ----a-w C:\WINDOWS\system32\dllcache\wups.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\wuapi.dll
2008-07-19 02:09 563,912 ----a-w C:\WINDOWS\system32\dllcache\wuapi.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\wucltui.dll
2008-07-19 02:09 325,832 ----a-w C:\WINDOWS\system32\dllcache\wucltui.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\wuweb.dll
2008-07-19 02:09 205,000 ----a-w C:\WINDOWS\system32\dllcache\wuweb.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\wuaueng.dll
2008-07-19 02:09 1,811,656 ----a-w C:\WINDOWS\system32\dllcache\wuaueng.dll
2008-07-07 20:26 253,952 ----a-w C:\WINDOWS\system32\es.dll
2008-07-07 20:26 253,952 ------w C:\WINDOWS\system32\dllcache\es.dll
2008-06-24 22:12 295,936 ----a-w C:\WINDOWS\system32\wmpeffects.dll
2008-06-24 16:43 74,240 ----a-w C:\WINDOWS\system32\mscms.dll
2008-06-24 16:43 74,240 ------w C:\WINDOWS\system32\dllcache\mscms.dll
2008-06-24 14:57 3,592,192 ----a-w C:\WINDOWS\system32\dllcache\mshtml.dll
2008-06-23 09:20 70,656 ------w C:\WINDOWS\system32\dllcache\ie4uinit.exe
2008-06-23 09:20 625,664 ------w C:\WINDOWS\system32\dllcache\iexplore.exe
2008-06-23 09:20 13,824 ------w C:\WINDOWS\system32\dllcache\ieudinit.exe
2008-06-21 05:23 161,792 ------w C:\WINDOWS\system32\dllcache\ieakui.dll
2008-06-20 17:46 245,248 ----a-w C:\WINDOWS\system32\mswsock.dll
2008-06-20 17:46 245,248 ------w C:\WINDOWS\system32\dllcache\mswsock.dll
2008-06-20 17:46 147,968 ------w C:\WINDOWS\system32\dllcache\dnsapi.dll
2008-06-20 11:51 361,600 ------w C:\WINDOWS\system32\dllcache\tcpip.sys
2008-06-20 11:40 138,496 ------w C:\WINDOWS\system32\dllcache\afd.sys
2008-06-20 11:08 225,856 ------w C:\WINDOWS\system32\dllcache\tcpip6.sys
2008-06-13 11:05 272,128 ------w C:\WINDOWS\system32\dllcache\bthport.sys
2008-01-14 04:09 20 -c-h--w C:\Documents and Settings\All Users\Application Data\PKP_DLdu.DAT
2008-05-15 17:38 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008051520080516\index.dat
2008-05-15 17:38 32,768 --sha-w C:\WINDOWS\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
.

((((((((((((((((((((((((((((( snapshot_2008-09-11_ 9.02.46.40 )))))))))))))))))))))))))))))))))))))))))
.
- 2008-09-11 12:56:32 80,978 ----a-w C:\WINDOWS\system32\perfc009.dat
+ 2008-09-12 12:26:40 80,978 ----a-w C:\WINDOWS\system32\perfc009.dat
- 2008-09-11 12:56:32 464,268 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-12 12:26:40 464,268 ----a-w C:\WINDOWS\system32\perfh009.dat
+ 2008-09-12 12:22:33 16,384 ------w C:\WINDOWS\Temp\Perflib_Perfdata_2d8.dat
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2008-04-14 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]
"MVS Splash"="C:\Program Files\McAfee\Managed VirusScan\Agent\Splash.exe" [2008-01-22 468288]
"McAfee Managed Services Tray"="C:\Program Files\McAfee\Managed VirusScan\Agent\StartMyagtTry.exe" [2008-01-22 87360]
"IMJPMIG8.1"="C:\WINDOWS\IME\imjp8_1\IMJPMIG.EXE" [2004-08-04 208952]
"IMEKRMIG6.1"="C:\WINDOWS\ime\imkr6_1\IMEKRMIG.EXE" [2004-08-04 44032]
"MSPY2002"="C:\WINDOWS\system32\IME\PINTLGNT\ImScInst.exe" [2004-08-04 59392]
"PHIME2002ASync"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"PHIME2002A"="C:\WINDOWS\system32\IME\TINTLGNT\TINTSETP.EXE" [2004-08-04 455168]
"Acrobat Assistant 8.0"="C:\Program Files\Adobe\Acrobat 8.0\Acrobat\Acrotray.exe" [2008-01-11 623992]
"Apoint"="C:\Program Files\Apoint\Apoint.exe" [2005-10-07 176128]
"Dell QuickSet"="C:\Program Files\Dell\QuickSet\Quickset.exe" [2006-06-29 1032192]
"Sony Ericsson PC Suite"="C:\Program Files\Sony Ericsson\Mobile2\Application Launcher\Application Launcher.exe" [2007-06-13 528384]
"SigmatelSysTrayApp"="C:\Program Files\SigmaTel\C-Major Audio\WDM\stsystra.exe" [2007-05-10 405504]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"Logitech Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]
"Kernel and Hardware Abstraction Layer"="KHALMNPR.EXE" [2008-02-29 C:\WINDOWS\KHALMNPR.Exe]

[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"DWQueuedReporting"="c:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 39264]

C:\Documents and Settings\Mommy\Start Menu\Programs\Startup\
Nikon Monitor.lnk - C:\Program Files\Common Files\Nikon\Monitor\NkMonitor.exe [2007-05-15 479232]

C:\Documents and Settings\Nick\Start Menu\Programs\Startup\
google.cmd [2008-06-30 18]

C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Logitech SetPoint.lnk - C:\Program Files\Logitech\SetPoint\SetPoint.exe [2008-07-21 805392]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"DisableCAD"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\LBTWlgn]
2008-05-02 02:42 72208 c:\Program Files\Common Files\Logishrd\Bluetooth\LBTWLgn.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\WdfLoadGroup]
@=""

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\McAfeeAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"C:\\Program Files\\Azureus\\Azureus.exe"=
"C:\\Program Files\\McAfee\\Managed VirusScan\\Agent\\myAgtSvc.exe"=
"C:\\Program Files\\Trillian\\trillian.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"%windir%\\system32\\sessmgr.exe"=
"C:\\Program Files\\QuickTime\\QuickTimePlayer.exe"=
"C:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"C:\\Program Files\\iTunes\\iTunes.exe"=

R2 EngineServer;EngineServer;C:\Program Files\McAfee\Managed VirusScan\VScan\EngineServer.exe [2007-12-01 14144]
R2 myAgtSvc;McAfee Virus and Spyware Protection Service;C:\Program Files\McAfee\Managed VirusScan\Agent\myAgtSvc.exe [2008-01-22 169280]
R2 NetProbe;NetProbe Packet Driver;C:\WINDOWS\system32\DRIVERS\netprobe.sys [2007-01-31 5365]
S3 FANTOM;LEGO MINDSTORMS NXT Driver;C:\WINDOWS\system32\DRIVERS\fantom.sys [2006-03-10 39424]
S3 JumpShot;Lexar Media USB Compact Flash Driver;C:\WINDOWS\system32\DRIVERS\LEXAR2K.SYS [2001-10-19 16969]
S3 PsSdk30;PsSdk30;C:\WINDOWS\system32\Drivers\PsSdk30.drv [ ]
S3 PTDCBus;PANTECH PC Card Composite Device Driver (UDP);C:\WINDOWS\system32\DRIVERS\PTDCBus.sys [2007-04-01 27520]
S3 PTDCMdm;PANTECH PC Card Drivers (UDP);C:\WINDOWS\system32\DRIVERS\PTDCMdm.sys [2007-04-01 41728]
S3 PTDCVsp;PANTECH PC Card Diagnostic Serial Port (UDP);C:\WINDOWS\system32\DRIVERS\PTDCVsp.sys [2007-04-01 39808]
S3 PTDCWWAN;PANTECH PC Card WWAN Controller device driver;C:\WINDOWS\system32\DRIVERS\PTDCWWAN.sys [2007-04-30 58240]
S3 s125bus;Sony Ericsson Device 125 driver (WDM);C:\WINDOWS\system32\DRIVERS\s125bus.sys [2007-04-24 83336]
S3 s125mdfl;Sony Ericsson Device 125 USB WMC Modem Filter;C:\WINDOWS\system32\DRIVERS\s125mdfl.sys [2007-04-24 15112]
S3 s125mdm;Sony Ericsson Device 125 USB WMC Modem Driver;C:\WINDOWS\system32\DRIVERS\s125mdm.sys [2007-04-24 108680]
S3 s125mgmt;Sony Ericsson Device 125 USB WMC Device Management Drivers (WDM);C:\WINDOWS\system32\DRIVERS\s125mgmt.sys [2007-04-24 100488]
S3 s125obex;Sony Ericsson Device 125 USB WMC OBEX Interface;C:\WINDOWS\system32\DRIVERS\s125obex.sys [2007-04-24 98696]
S3 USBVSP;USBVSP;C:\WINDOWS\system32\drivers\Usbvsp.sys [ ]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\##dimension4600#mybook]
\Shell\AutoRun\command - wd_windows_tools\WDEULA.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{d8a2bbbc-3435-11dd-92a5-001302a0382f}]
\Shell\AutoRun\command - E:\wd_windows_tools\WDEULA.exe
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
FireFox -: Profile - C:\Documents and Settings\Nick\Application Data\Mozilla\Firefox\Profiles\jjpaz46l.default\
FireFox -: prefs.js - STARTUP.HOMEPAGE - hxxp://en-US.start2.mozilla.com/firefox?client=firefox-a&rls=org.mozilla:en-US:official
FF -: plugin - C:\Program Files\iTunes\Mozilla Plugins\npitunes.dll
FF -: plugin - C:\Program Files\Mozilla Firefox\plugins\npunagi2.dll
FF -: plugin - C:\Program Files\Yahoo!\Common\npyaxmpb.dll
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-12 14:11:40
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************

[HKEY_LOCAL_MACHINE\system\ControlSet001\Services\PsSdk30]
"ImagePath"="\??\C:\WINDOWS\system32\Drivers\PsSdk30.drv"
.
Completion time: 2008-09-12 14:13:11
ComboFix-quarantined-files.txt 2008-09-12 18:12:57

Pre-Run: 21,341,454,336 bytes free
Post-Run: 21,322,678,272 bytes free

218 --- E O F --- 2008-09-10 07:03:25


Edited by croooow, 12 September 2008 - 01:18 PM.


#14 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:03:28 PM

Posted 12 September 2008 - 02:41 PM

Hi

Excellent, your log is now clean :thumbsup:

I'm really sorry about the Kaspersky Online Scan; I just have too much work to do to have it run that slowly for that long. I may try to run it overnight.


I entirely understand, it can take forever on some computers ...

I'll leave your thread open for a couple of weeks at least, so that you can post the scan if you are able to get it :)

Go to Start > Run > copy and paste ComboFix /u into the Open: box & press OK


This will uninstall Combofix, delete any of its related folders and files (Qoobox, VundoFix Backups, Avenger, Deckard, _OTMoveIt), reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.

Please have a look here at ways to keep your computer safe :-

Simple steps to keep your computer secure! By Grinler > http://www.bleepingcomputer.com/forums/t/1628/simple-steps-to-keep-your-computer-secure/

& here :-

So how did I get infected in the first place? By TonyKlein > http://forums.spybot.info/showthread.php?t=279

Happy surfing :)

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware

#15 steamwiz

steamwiz

  • Members
  • 1,039 posts
  • Local time:03:28 PM

Posted 28 September 2008 - 03:48 PM

As this thread is resolved, :thumbsup: it is now locked.

If the original poster would like it re-opened, please send me a PM with a link to this thread.

cheers

steam
MICROSOFT MVP - Windows Security 2004/9
member of ASAP since 2004
member of U.N.I.T.E

If I have helped you, please consider a small donation to help me continue my online fight in the war against malware



