
Malware Help Needed


  • This topic is locked
52 replies to this topic

#1 praveaen

praveaen

  • Members
  • 30 posts
  • OFFLINE
  •  
  • Gender:Male
  • Location:Ahmedabad
  • Local time:06:54 PM

Posted 15 September 2008 - 08:38 AM

I used adaware, spybot, bughunter, malwarebytes et al on top of spyware doctor and norton. Removed virtumonde and vundo many instances. Keeps coming back. Spybot tea timer keeps popping up with new entry permissions and denying those still. Am posting my HJT log. Please help.
"
Logfile of Trend Micro HijackThis v2.0.2
Scan saved at 13:10:44, on 14-09-2008
Platform: Windows Vista SP1 (WinNT 6.00.1905)
MSIE: Internet Explorer v7.00 (7.00.6001.18000)
Boot mode: Normal

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\csrss.exe
C:\Windows\system32\wininit.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\lsm.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\SLsvc.exe
C:\Windows\system32\svchost.exe
C:\Windows\system32\svchost.exe
c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
C:\Windows\System32\spoolsv.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Windows\system32\svchost.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
c:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Windows\system32\svchost.exe
C:\Program Files\Spyware Doctor\pctsAuxs.exe
C:\Program Files\Spyware Doctor\pctsSvc.exe
C:\Program Files\Laplink Everywhere\ServerProxyService.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Program Files\Laplink\winShadow\shwSrvc.exe
C:\Windows\system32\SearchIndexer.exe
C:\Windows\system32\DRIVERS\xaudio.exe
C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
C:\Windows\system32\WUDFHost.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\taskeng.exe
C:\Windows\system32\Dwm.exe
C:\Windows\Explorer.EXE
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\Spyware Doctor\pctsTray.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
C:\Windows\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\ICO.EXE
C:\Program Files\Synaptics\SynTP\SynTPStart.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\Program Files\HP\QuickPlay\QPService.exe
C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\WINDOWS\System32\Pelmiced.exe
C:\WINDOWS\System32\hkcmd.exe
C:\WINDOWS\System32\igfxpers.exe
C:\Windows\system32\igfxsrvc.exe
C:\PROGRA~1\HEWLET~1\Shared\HPQTOA~1.EXE
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\Program Files\iPod\bin\iPodService.exe
\?\C:\Windows\system32\wbem\WMIADAP.EXE
C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
C:\Program Files\Symantec\LiveUpdate\AUPDATE.EXE
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Windows\system32\SearchProtocolHost.exe
C:\Windows\system32\SearchFilterHost.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Program Files\Symantec\LiveUpdate\LuCallbackProxy.exe
C:\Windows\system32\wbem\wmiprvse.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://go.microsoft.com/fwlink/?LinkId=54896
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = http://go.microsoft.com/fwlink/?LinkId=54896
R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://ie.redirect.hp.com/svs/rdr?TYPE=3&a...n&pf=laptop
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,SearchAssistant =
R0 - HKLM\Software\Microsoft\Internet Explorer\Search,CustomizeSearch =
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Window Title = SAI
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = *.local
R0 - HKCU\Software\Microsoft\Internet Explorer\Toolbar,LinksFolderName =
O2 - BHO: (no name) - {1E8A6170-7264-4D0F-BEAE-D42A53123C75} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\NppBho.dll
O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: (no name) - {7142A45A-56AF-4451-9AE7-337BB857E2A2} - C:\PROGRA~1\ADSCIS~1\ADSCIS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: Windows Live Sign-in Helper - {9030D464-4C02-4ABF-8ECC-5164760863C6} - C:\Program Files\Common Files\Microsoft Shared\Windows Live\WindowsLiveLogin.dll
O2 - BHO: Google Toolbar Notifier BHO - {AF69DE43-7D58-4638-B6FA-CE66B5AD205D} - C:\Program Files\Google\GoogleToolbarNotifier\2.1.1119.1736\swg.dll
O2 - BHO: (no name) - {FDEEC8A7-B0B4-47AA-8491-71F338C964E0} - (no file)
O3 - Toolbar: Show Norton Toolbar - {90222687-F593-4738-B738-FBEE9C7B26DF} - c:\Program Files\Common Files\Symantec Shared\coShared\Browser\1.0\UIBHO.dll
O3 - Toolbar: (no name) - {866D0E2C-8CCE-4AAE-B9F4-59F245945691} - (no file)
O4 - HKLM\..\Run: [SynTPEnh] C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
O4 - HKLM\..\Run: [ISTray] "C:\Program Files\Spyware Doctor\pctsTray.exe"
O4 - HKLM\..\Run: [hpWirelessAssistant] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe
O4 - HKLM\..\Run: [Mouse Suite 98 Daemon] ICO.EXE
O4 - HKLM\..\Run: [SynTPStart] C:\Program Files\Synaptics\SynTP\SynTPStart.exe
O4 - HKLM\..\Run: [Windows Defender] %ProgramFiles%\Windows Defender\MSASCui.exe -hide
O4 - HKLM\..\Run: [osCheck] "c:\Program Files\Norton Internet Security\osCheck.exe"
O4 - HKLM\..\Run: [ccApp] "c:\Program Files\Common Files\Symantec Shared\ccApp.exe"
O4 - HKLM\..\Run: [QPService] "C:\Program Files\HP\QuickPlay\QPService.exe"
O4 - HKLM\..\Run: [WAWifiMessage] %ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\QTTask.exe" -atboottime
O4 - HKLM\..\Run: [AppleSyncNotifier] C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
O4 - HKLM\..\Run: [iTunesHelper] "C:\Program Files\iTunes\iTunesHelper.exe"
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O4 - HKLM\..\Run: [HotKeysCmds] C:\Windows\system32\hkcmd.exe
O4 - HKLM\..\Run: [Persistence] C:\Windows\system32\igfxpers.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [BitTorrent DNA] C:\Program Files\DNA\btdna.exe
O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present
O8 - Extra context menu item: Add to Google Photos Screensa&ver - res://C:\Windows\system32\GPhotos.scr/200
O8 - Extra context menu item: E&xport to Microsoft Excel - res://C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O9 - Extra button: Research - {92780B25-18CC-41C8-B9BE-3C9C571A8263} - C:\PROGRA~1\MICROS~3\Office12\REFIEBAR.DLL
O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O9 - Extra 'Tools' menuitem: Spybot - Search & Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O13 - Gopher Prefix:
O16 - DPF: {0742B9EF-8C83-41CA-BFBA-830A59E23533} (Microsoft Data Collection Control) - https://support.microsoft.com/OAS/ActiveX/MSDcode.cab
O16 - DPF: {3860DD98-0549-4D50-AA72-5D17D200EE10} (Windows Live OneCare safety scanner control) - http://cdn.scan.onecare.live.com/resource/...n/wlscctrl2.cab
O16 - DPF: {A796D216-2DE1-4EA8-BABB-FE6E7C959098} (HPSDDX Class) - http://www.hp.com/cpso-support-new/SDD/hpsddObjSigned.cab
O20 - AppInit_DLLs: epnxbz.dll nxlelf.dll
O23 - Service: Lavasoft Ad-Aware Service (aawservice) - Lavasoft - C:\Program Files\Lavasoft\Ad-Aware\aawservice.exe
O23 - Service: AddFiltr - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\HP Quick Launch Buttons\AddFiltr.exe
O23 - Service: Apple Mobile Device - Apple Inc. - C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
O23 - Service: Automatic LiveUpdate Scheduler - Symantec Corporation - C:\Program Files\Symantec\LiveUpdate\ALUSchedulerSvc.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
O23 - Service: Symantec Event Manager (ccEvtMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: Symantec Settings Manager (ccSetMgr) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: CyberLink Background Capture Service (CBCS) (CLCapSvc) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLCapSvc.exe
O23 - Service: CyberLink Task Scheduler (CTS) (CLSched) - Unknown owner - C:\Program Files\HP\QuickPlay\Kernel\TV\CLSched.exe
O23 - Service: Symantec Lic NetConnect service (CLTNetCnService) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: COM Host (comHost) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\VAScanner\comHost.exe
O23 - Service: Google Updater Service (gusvc) - Google - C:\Program Files\Google\Common\Google Updater\GoogleUpdaterService.exe
O23 - Service: HP Health Check Service - Hewlett-Packard - C:\Program Files\Hewlett-Packard\HP Health Check\hphc_service.exe
O23 - Service: hpqwmiex - Hewlett-Packard Development Company, L.P. - C:\Program Files\Hewlett-Packard\Shared\hpqwmiex.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Roxio\Roxio MyDVD Basic v9\InstallShield\Driver\1050\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: Symantec IS Password Validation (ISPwdSvc) - Symantec Corporation - c:\Program Files\Norton Internet Security\isPwdSvc.exe
O23 - Service: LightScribeService Direct Disc Labeling Service (LightScribeService) - Hewlett-Packard Company - c:\Program Files\Common Files\LightScribe\LSSrvc.exe
O23 - Service: LiveUpdate - Symantec Corporation - C:\PROGRA~1\Symantec\LIVEUP~1\LUCOMS~1.EXE
O23 - Service: LiveUpdate Notice Service Ex (LiveUpdate Notice Ex) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\ccSvcHst.exe
O23 - Service: LiveUpdate Notice Service - Symantec Corporation - C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe
O23 - Service: Remote Packet Capture Protocol v.0 (experimental) (rpcapd) - CACE Technologies - C:\Program Files\WinPcap\rpcapd.exe
O23 - Service: SBSD Security Center Service (SBSDWSCService) - Safer Networking Ltd. - C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe
O23 - Service: PC Tools Auxiliary Service (sdAuxService) - PC Tools - C:\Program Files\Spyware Doctor\pctsAuxs.exe
O23 - Service: PC Tools Security Service (sdCoreService) - PC Tools - C:\Program Files\Spyware Doctor\pctsSvc.exe
O23 - Service: ServerProxyService - Unknown owner - C:\Program Files\Laplink Everywhere\ServerProxyService.exe
O23 - Service: stllssvr - MicroVision Development, Inc. - C:\Program Files\Common Files\SureThing Shared\stllssvr.exe
O23 - Service: Symantec Core LC - Unknown owner - C:\Program Files\Common Files\Symantec Shared\CCPD-LC\symlcsvc.exe
O23 - Service: Symantec AppCore Service (SymAppCore) - Symantec Corporation - c:\Program Files\Common Files\Symantec Shared\AppCore\AppSvc32.exe
O23 - Service: @%SystemRoot%\System32\TuneUpDefragService.exe,-1 (TuneUp.Defrag) - TuneUp Software GmbH - C:\Windows\System32\TuneUpDefragService.exe
O23 - Service: winShadow - OmniCom Technologies - C:\Program Files\Laplink\winShadow\shwSrvc.exe
O23 - Service: XAudioService - Conexant Systems, Inc. - C:\Windows\system32\DRIVERS\xaudio.exe

--
End of file - 13446 bytes

Thanks to all.
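
An added example, not part of the original thread: a small Python triage pass over HijackThis `O`-section lines, using a few lines copied from the log above as sample input. The function names and the rules (unnamed add-ons, `(no file)` targets, unknown Winsock LSPs, a non-empty `AppInit_DLLs` value, services with `Unknown owner`) are assumptions chosen for illustration; a match means "look closer", not "malicious".

```python
import re
from collections import Counter

# Sample input: lines copied from the HijackThis log in the first post.
SAMPLE_LOG = r"""
O2 - BHO: (no name) - {7142A45A-56AF-4451-9AE7-337BB857E2A2} - C:\PROGRA~1\ADSCIS~1\ADSCIS~1.DLL
O2 - BHO: SSVHelper Class - {761497BB-D6F0-462C-B6EB-D4DAF1D92D43} - C:\Program Files\Java\jre1.6.0_04\bin\ssv.dll
O2 - BHO: (no name) - {FDEEC8A7-B0B4-47AA-8491-71F338C964E0} - (no file)
O3 - Toolbar: (no name) - {866D0E2C-8CCE-4AAE-B9F4-59F245945691} - (no file)
O4 - HKLM\..\Run: [IgfxTray] C:\Windows\system32\igfxtray.exe
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O10 - Unknown file in Winsock LSP: c:\windows\system32\wpclsp.dll
O20 - AppInit_DLLs: epnxbz.dll nxlelf.dll
O23 - Service: ServerProxyService - Unknown owner - C:\Program Files\Laplink Everywhere\ServerProxyService.exe
O23 - Service: Bonjour Service - Apple Inc. - C:\Program Files\Bonjour\mDNSResponder.exe
"""

# A HijackThis entry is "<section code> - <rest>", e.g. "O2 - BHO: ...".
ENTRY_RE = re.compile(r"^([A-Z]\d{1,2}) - (.+)$")


def parse_entries(text):
    """Return (code, body) for every line that looks like a HijackThis entry."""
    entries = []
    for line in text.splitlines():
        match = ENTRY_RE.match(line.strip())
        if match:
            entries.append((match.group(1), match.group(2)))
    return entries


def reasons_for(code, body):
    """Illustrative review rules (assumptions, not verdicts)."""
    reasons = []
    # O2 = Browser Helper Object, O3 = toolbar, O9 = extra IE button/menu item.
    if code in ("O2", "O3", "O9") and "(no name)" in body:
        reasons.append("unnamed browser add-on")
    # The registry entry survives but the file it points to is gone.
    if body.endswith("(no file)"):
        reasons.append("target file missing")
    # O10 = Winsock Layered Service Provider that HijackThis does not recognise.
    if code == "O10" and body.startswith("Unknown file in Winsock LSP"):
        reasons.append("unrecognised Winsock LSP")
    # O20 = AppInit_DLLs: DLLs listed here get loaded into processes that
    # load user32.dll, so any non-empty value deserves a look.
    if code == "O20" and body.startswith("AppInit_DLLs:"):
        if body.split(":", 1)[1].strip():
            reasons.append("AppInit_DLLs not empty")
    # O23 = service; HijackThis prints "Unknown owner" when no vendor is found.
    if code == "O23" and " - Unknown owner - " in body:
        reasons.append("service without vendor info")
    return reasons


def triage(text):
    """Collapse duplicate lines and return the entries that match a rule."""
    counts = Counter(parse_entries(text))  # keeps first-seen order
    findings = []
    for (code, body), count in counts.items():
        reasons = reasons_for(code, body)
        if reasons:
            findings.append(
                {"code": code, "body": body, "count": count, "reasons": reasons}
            )
    return findings


if __name__ == "__main__":
    for item in triage(SAMPLE_LOG):
        print(f'{item["code"]} x{item["count"]}: {", ".join(item["reasons"])}')
        print(f'    {item["body"]}')
```
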


#2 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:Belgium
  • Local time:02:24 PM

Posted 15 September 2008 - 03:59 PM

Hi,

Go to this page.
Enter the url of this thread in the first field.
Where it says, browse to the file that you want to submit, click the browse button next to it and browse to next file:

C:\PROGRA~1\ADSCIS~1\ADSCIS~1.DLL

This file is present in your C:\Program Files folder, in a subfolder starting with adscis....

Select it and click ok
Then click the Send File button below.

Then, I see you are running Teatimer.
I suggest you disable it because it can interfere with the changes you'll make on your system.
When everything is done and your log is clean again, you can enable it again.
If teatimer gives you a warning afterwards that some changes were made, allow this instead of blocking it.
How to disable TeaTimer <== click me for instructions.
Then,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

This includes installing the Windows XP Recovery Console in case you have not installed it yet.

Post the log from ComboFix when you've accomplished that, along with a new HijackThis log.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#3 praveaen

Posted 16 September 2008 - 03:04 AM

Dear miekiemoes
Thanks a lot!
I have uploaded the dll file as you suggested and downloaded Combo Fix.
However, I have an HP Pavilion which came preloaded with Vista Home Premium. I have no CD.
What is the correct procedure to install the Recovery Console? How do I know if it is already installed?
In my laptop, the Recovery is usually run by the HP Recovery manager.
There is a recovery partition (c:\ system and d:\ restore).
As soon as I have this installed I will run the Combo Fix and post the log for your kind perusal.
I thank you again.
Regards
Praveaen.

#4 miekiemoes

Posted 16 September 2008 - 06:11 AM

Hi,

Since you have Vista, there's no need to install the Recovery Console :thumbsup:

Did you install that program AdScissors? (the file you uploaded) ?

#5 miekiemoes

Posted 16 September 2008 - 07:44 AM

Extra note.... I searched for the adscissors install file on the internet, found it (main site is discontinued) and I didn't like the eula they presented during install.
To quote a part of the eula:

SOFTWARE INSTALLATION: Components bundled with our software may report to Licensor and/or its affiliates the installation status of certain marketing offers, such as toolbars, and also generalized installation information, such as language preference and operating system version, to assist Licensor in its product development. No personal information will be communicated to Licensor or its affiliates during this process. Licensor may offer additional components through our version checking/update system. These components include:
(a) "Internet Explorer Security Plugin 2006": Internet Explorer toolbar that protects your computer while you browse by setting high level of security for suspicious hosts.
(b) "Public Messenger ver 2.03": Popup advertising module that opens Internet Explorer ad windows when you are connected to internet.
(c) "Internet Security Add-On": your Internet Explorer homepage will be changed.
(d) Security software: antivirus/antispyware application.

SOFTWARE UNINSTALLATION: Components bundled with our software may be uninstalled with the help of "Add or Remove Programs" tool in Windows Control Panel. To remove software or any of its components click on a component's name (see above) in the Add or Remove Programs list.

This means that the adscissors may be bundled with above software (or getting updated with it). The above software is malware by the way (installs rogue programs). For example:
http://www.bleepingcomputer.com/uninstall/...lugin-2006.html
http://www.bleepingcomputer.com/uninstall/...r-ver-2.03.html
http://www.bleepingcomputer.com/uninstall/...ity-add-on.html

So I suggest you uninstall adscissors via software add&remove programs

Edited by miekiemoes, 16 September 2008 - 07:45 AM.


#6 praveaen

Posted 17 September 2008 - 06:45 AM

Hi
Thanks
Yeah I do not know why or when I installed this thingy as I can easily get rid of the ad banners in yahoo on my own by regedit. Maybe a momentary lapse of reason.
I shall remove adscissors.
Do I still do the combo fix thing? Or you think I should remove adscissors and take another HJT log first and let you look at that?
Please advise.
Thank you so much.
:thumbsup:
P

#7 miekiemoes

Posted 17 September 2008 - 06:50 AM

Do I still do the combo fix thing? Or you think I should remove adscissors and take another HJT log first and let you look at that?
Please advise.

Yes, please run Combofix as there may be other leftovers still present.
But before you run Combofix, uninstall Adscissors first.

Don't forget to disable Teatimer, because it may interfere with removal/scans.

Edited by miekiemoes, 17 September 2008 - 06:50 AM.


#8 praveaen

Posted 17 September 2008 - 06:51 AM

PS
When I click on the right arrows on let us say the quick launch bar or the control panel etc. for menu tree, NOTHING HAPPENS! No menus. I suddenly get windows explorer has stopped working messages and then the whole desktop goes off and reappears again, also getting rundll32 file errors.
I hope I do not have to reformat.
Is it also because of this?
Thnx.
P

#9 praveaen

Posted 17 September 2008 - 06:54 AM

Thanks, will do.
Remove AdScissors... Done!
Disable Tea Timer... Done!
Now for the combofix and pasting its log here. That will take time.
Thanks.
P.

#10 miekiemoes

Posted 17 September 2008 - 07:15 AM

Ok, I read you later :thumbsup:

#11 praveaen

Posted 17 September 2008 - 07:49 AM

Merci!

#12 miekiemoes

Posted 17 September 2008 - 08:46 AM

I always leave threads open for a week if no reply... :thumbsup:

#13 praveaen

Posted 18 September 2008 - 08:25 AM

Hi!
Sorry I kind of postponed thinking combofix will take hours and couldn't keep work off for so long. As it happened it was like ten minutes.
Here is the log.
Please advise.
Thanks.
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++


ComboFix 08-09-16.05 - Praveaen 2008-09-18 18:44:20.1 - NTFSx86
Microsoft® Windows Vista™ Home Premium 6.0.6001.1.1252.1.1033.18.837 [GMT 5.5:30]
Running from: C:\Users\Praveaen\Desktop\ComboFix.exe
* Created a new restore point
.
/wow section not completed

((((((((((((((((((((((((( Files Created from 2008-08-18 to 2008-09-18 )))))))))))))))))))))))))))))))
.

2008-09-16 19:34 . 2007-11-27 16:32 108,336 --a------ C:\WINDOWS\System32\MSWINSCK.OCX
2008-09-16 18:39 . 2008-09-16 18:43 <DIR> d-------- C:\Users\All Users\Webcammax
2008-09-16 18:39 . 2008-09-16 18:43 <DIR> d-------- C:\ProgramData\Webcammax
2008-09-16 18:38 . 2008-09-16 18:41 <DIR> d-------- C:\Program Files\WebcamMax
2008-09-16 16:46 . 2008-09-16 16:46 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\SUPERAntiSpyware.com
2008-09-16 16:46 . 2008-09-16 16:46 <DIR> d-------- C:\Users\All Users\SUPERAntiSpyware.com
2008-09-16 16:46 . 2008-09-16 16:46 <DIR> d-------- C:\ProgramData\SUPERAntiSpyware.com
2008-09-16 16:46 . 2008-09-16 16:46 <DIR> d-------- C:\Program Files\SUPERAntiSpyware
2008-09-15 20:12 . 2008-09-15 20:45 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\Webcammax
2008-09-15 20:09 . 2008-03-11 18:44 941,784 --a------ C:\WINDOWS\System32\drivers\CAMTHWDM.sys
2008-09-15 19:21 . 2008-09-15 23:57 <DIR> d-------- C:\WINDOWS\BDOSCAN8
2008-09-14 13:09 . 2008-09-14 13:09 <DIR> d-------- C:\Program Files\Trend Micro
2008-09-13 23:09 . 2008-09-13 23:09 <DIR> d-------- C:\Program Files\Webcam Video Capture
2008-09-13 19:47 . 2008-09-13 19:47 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\Malwarebytes
2008-09-13 19:46 . 2008-09-13 19:46 <DIR> d-------- C:\Users\All Users\Malwarebytes
2008-09-13 19:46 . 2008-09-13 19:46 <DIR> d-------- C:\ProgramData\Malwarebytes
2008-09-13 19:46 . 2008-09-13 19:48 <DIR> d-------- C:\Program Files\Malwarebytes' Anti-Malware
2008-09-13 19:46 . 2008-09-10 00:04 38,528 --a------ C:\WINDOWS\System32\drivers\mbamswissarmy.sys
2008-09-13 19:46 . 2008-09-10 00:03 17,200 --a------ C:\WINDOWS\System32\drivers\mbam.sys
2008-09-12 17:15 . 2008-09-12 17:16 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\Camfrog
2008-09-12 17:15 . 2008-09-12 17:15 <DIR> d-------- C:\Program Files\Camfrog
2008-09-12 17:06 . 2008-09-13 16:09 <DIR> d-------- C:\Program Files\DNA
2008-09-12 17:04 . 2008-09-18 13:02 <DIR> d-------- C:\Program Files\AdScissors
2008-09-12 16:35 . 2008-09-12 16:35 <DIR> d-------- C:\Program Files\Windows Media Components
2008-09-11 21:10 . 2004-04-23 21:01 1,383,936 --a------ C:\WINDOWS\System32\vcl70.bpl
2008-09-11 21:10 . 2004-04-23 21:01 783,360 --a------ C:\WINDOWS\System32\rtl70.bpl
2008-09-11 21:10 . 2004-08-12 21:15 90,112 --a------ C:\WINDOWS\System32\YCrypt.dll
2008-09-11 19:58 . 2008-09-11 21:09 <DIR> d-------- C:\Program Files\YIntaiFx
2008-09-10 13:23 . 2008-09-10 13:23 <DIR> d----c--- C:\WINDOWS\System32\DRVSTORE
2008-09-10 13:23 . 2008-09-10 13:23 <DIR> d-------- C:\Users\All Users\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 13:23 . 2008-09-10 13:23 <DIR> d-------- C:\ProgramData\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-09-10 13:23 . 2008-09-10 13:23 <DIR> d-------- C:\Program Files\iTunes
2008-09-10 13:23 . 2008-09-10 13:23 <DIR> d-------- C:\Program Files\iPod
2008-09-10 13:23 . 2008-04-17 13:12 107,368 --a------ C:\WINDOWS\System32\GEARAspi.dll
2008-09-10 13:23 . 2008-04-17 13:12 15,464 --a------ C:\WINDOWS\System32\drivers\GEARAspiWDM.sys
2008-09-10 13:21 . 2008-09-10 13:21 <DIR> d-------- C:\Program Files\Bonjour
2008-09-10 12:53 . 2008-07-31 06:43 4,240,384 --a------ C:\WINDOWS\System32\GameUXLegacyGDFs.dll
2008-09-10 12:53 . 2008-07-31 09:02 28,160 --a------ C:\WINDOWS\System32\Apphlpdm.dll
2008-09-10 11:42 . 2008-06-26 08:59 303,616 --a------ C:\WINDOWS\System32\wmpeffects.dll
2008-09-10 11:40 . 2008-08-02 06:31 625,152 --a------ C:\WINDOWS\System32\drivers\dxgkrnl.sys
2008-09-10 11:40 . 2008-06-26 08:59 565,248 --a------ C:\WINDOWS\System32\emdmgmt.dll
2008-09-10 11:40 . 2008-05-09 00:51 211,968 --a------ C:\WINDOWS\System32\drivers\mrxsmb10.sys
2008-09-10 11:40 . 2008-05-20 07:37 148,480 --a------ C:\WINDOWS\System32\drivers\nwifi.sys
2008-09-10 11:40 . 2008-06-26 08:59 45,056 --a------ C:\WINDOWS\System32\dataclen.dll
2008-09-10 11:40 . 2008-08-02 08:56 36,864 --a------ C:\WINDOWS\System32\cdd.dll
2008-09-10 11:38 . 2008-09-10 11:38 54,156 --ah----- C:\WINDOWS\QTFont.qfn
2008-09-10 11:38 . 2008-09-10 11:38 1,409 --a------ C:\WINDOWS\QTFont.for
2008-09-08 15:53 . 2008-09-08 15:53 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\pdf995
2008-09-08 15:53 . 2008-09-08 15:53 28 --a------ C:\WINDOWS\pdf995.ini
2008-09-06 15:11 . 2008-09-17 23:19 <DIR> d-------- C:\Users\All Users\pdf995
2008-09-06 15:11 . 2008-09-17 23:19 <DIR> d-------- C:\ProgramData\pdf995
2008-09-06 15:11 . 2008-09-16 17:57 <DIR> d-------- C:\Program Files\pdf995
2008-09-06 15:11 . 2008-09-06 15:11 249,856 --a------ C:\WINDOWS\System32\pdfmona.dll
2008-09-06 15:11 . 2008-09-06 15:11 51,716 --a------ C:\WINDOWS\System32\pdf995mon.dll
2008-09-06 15:11 . 2008-09-16 17:57 161 --a------ C:\WINDOWS\wpd99.drv
2008-09-06 15:09 . 2008-09-06 15:09 90,112 --a------ C:\WINDOWS\System32\QuickTimeVR.qtx
2008-09-06 15:09 . 2008-09-06 15:09 57,344 --a------ C:\WINDOWS\System32\QuickTime.qts
2008-09-05 18:39 . 2008-09-05 18:39 <DIR> d-------- C:\Program Files\Windows Live Safety Center
2008-09-05 18:33 . 2008-09-05 18:33 <DIR> d-------- C:\Program Files\FreeLaunchBar
2008-09-05 17:40 . 2008-09-05 17:40 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\Uniblue
2008-09-05 17:00 . 2008-09-05 17:00 <DIR> d-------- C:\Program Files\Uniblue
2008-09-05 16:59 . 2008-09-05 17:00 <DIR> d--h-c--- C:\Users\All Users\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-05 16:59 . 2008-09-05 17:00 <DIR> d--h-c--- C:\ProgramData\{2840BBCB-9BEC-47F6-BA0F-10D3C34BF151}
2008-09-05 16:43 . 2008-09-05 16:43 356 --a------ C:\Users\Praveaen\resizeinternetexplorer.reg
2008-09-04 16:30 . 2008-09-04 16:30 <DIR> d-------- C:\Program Files\DupKiller
2008-09-04 15:35 . 2008-09-04 15:35 <DIR> d-------- C:\Program Files\Veign
2008-09-04 15:35 . 2003-11-11 20:59 200,704 --a------ C:\WINDOWS\System32\vbalExpBar6.ocx
2008-09-04 15:35 . 1999-10-30 02:00 167,936 --a------ C:\WINDOWS\System32\ccrpftv6.ocx
2008-09-04 15:35 . 2003-01-26 13:41 40,960 --a------ C:\WINDOWS\System32\SSubTmr6.dll
2008-09-04 15:35 . 2000-05-29 01:29 28,672 --a------ C:\WINDOWS\System32\DbgWProc.dll
2008-09-04 15:34 . 2008-09-04 15:35 <DIR> d-------- C:\seeker
2008-09-04 15:32 . 2004-11-10 01:50 34,470 --a------ C:\SRCHZIPR.DOC
2008-09-04 15:32 . 2004-11-10 01:50 23,954 --a------ C:\SRCHZIPR.EXE
2008-09-04 15:32 . 2004-11-10 01:50 8,329 --a------ C:\SRCHZR.XML
2008-09-02 15:42 . 2008-09-02 15:42 <DIR> d-------- C:\Program Files\Microsoft Script Debugger
2008-09-02 15:41 . 2008-09-02 15:41 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\Adersoft
2008-09-02 15:41 . 2008-09-02 15:41 <DIR> d-------- C:\Program Files\Vbsedit
2008-09-01 17:20 . 2008-09-01 17:20 <DIR> d-------- C:\smileys
2008-09-01 17:20 . 2008-09-02 13:21 <DIR> d-------- C:\ser
2008-09-01 17:20 . 2008-09-01 17:20 <DIR> d-------- C:\Custom2
2008-09-01 17:20 . 2008-09-01 17:20 <DIR> d-------- C:\Custom1
2008-09-01 17:19 . 2008-09-06 18:01 <DIR> d-------- C:\Program Files\YEmote2Plus
2008-09-01 16:48 . 2008-09-01 16:48 <DIR> d-------- C:\Program Files\Driver Magician
2008-09-01 16:48 . 2008-09-01 16:48 680,960 --a------ C:\WINDOWS\is-KA0P8.exe
2008-09-01 16:48 . 2004-09-28 11:13 526,184 --a------ C:\WINDOWS\System32\XceedCry.dll
2008-09-01 16:48 . 2005-01-12 11:19 456,536 --a------ C:\WINDOWS\System32\XCEEDZIP.DLL
2008-09-01 16:48 . 2004-03-09 00:00 224,016 --a------ C:\WINDOWS\System32\Tabctl32.ocx
2008-09-01 16:48 . 2004-03-09 00:00 132,880 --a------ C:\WINDOWS\System32\Msinet.ocx
2008-09-01 16:48 . 2004-08-11 15:55 110,602 --a------ C:\WINDOWS\System32\xcdsfx32.bin
2008-09-01 16:48 . 2008-09-01 16:48 10,453 --a------ C:\WINDOWS\is-KA0P8.msg
2008-09-01 16:48 . 2008-09-01 16:48 482 --a------ C:\WINDOWS\is-KA0P8.lst
2008-08-29 19:49 . 2008-08-29 19:49 <DIR> d-------- C:\Themes
2008-08-29 18:20 . 2008-08-29 18:37 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\YTK Lite
2008-08-29 10:18 . 2008-08-29 10:18 87,336 --a------ C:\WINDOWS\System32\dns-sd.exe
2008-08-29 09:53 . 2008-08-29 09:53 61,440 --a------ C:\WINDOWS\System32\dnssd.dll
2008-08-28 16:00 . 2008-08-28 16:00 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\Keynote
2008-08-28 15:59 . 2008-08-28 16:00 <DIR> d-------- C:\Program Files\Password Memory 2009
2008-08-28 15:59 . 2008-07-31 11:49 246,366 --a------ C:\netTools.jar
2008-08-27 19:47 . 2008-09-18 05:38 <DIR> d-------- C:\Program Files\YIntai
2008-08-27 13:34 . 2008-07-30 17:42 23,888 --a------ C:\WINDOWS\System32\drivers\COH_Mon.sys
2008-08-27 13:34 . 2008-07-30 17:28 10,537 --a------ C:\WINDOWS\System32\drivers\COH_Mon.cat
2008-08-27 13:34 . 2008-07-30 17:28 706 --a------ C:\WINDOWS\System32\drivers\COH_Mon.inf
2008-08-26 22:23 . 2008-01-22 19:19 1,799,038 --a------ C:\YIntaiSetup.exe
2008-08-25 19:23 . 2008-08-25 19:24 116 --a------ C:\WINDOWS\System32\lyricsjoy.cfg
2008-08-24 02:26 . 2008-08-24 02:27 31 --a------ C:\WINDOWS\e2eSoft.ini
2008-08-24 02:24 . 2006-07-05 01:47 196,608 --a------ C:\WINDOWS\System32\StudioProProp.ax
2008-08-24 02:24 . 2007-01-05 21:18 120,320 --a------ C:\WINDOWS\System32\drivers\StudioPro.sys
2008-08-24 02:24 . 2007-04-22 19:27 38,784 --a------ C:\WINDOWS\System32\drivers\vrtaucbl.sys
2008-08-23 17:53 . 2008-08-23 17:54 <DIR> d-------- C:\Program Files\PDFCreator
2008-08-23 17:53 . 2005-10-15 12:32 196,608 --a------ C:\WINDOWS\System32\pdfcmnnt.dll
2008-08-23 17:53 . 1998-06-24 00:00 137,000 --a------ C:\WINDOWS\System32\MSMAPI32.OCX
2008-08-23 17:53 . 1998-07-06 00:00 23,552 --a------ C:\WINDOWS\System32\MSMPIDE.DLL
2008-08-23 17:23 . 2008-08-23 17:23 164,136 --ah----- C:\WINDOWS\System32\mlfcache.dat
2008-08-23 16:00 . 2008-08-27 13:25 <DIR> d-------- C:\Program Files\Trillian
2008-08-23 15:59 . 2008-08-23 15:59 <DIR> d-------- C:\Program Files\Combined Community Codec Pack
2008-08-23 15:58 . 2008-08-23 15:59 <DIR> d-------- C:\Users\Praveaen\.musikproject
2008-08-23 15:58 . 2008-08-23 15:58 <DIR> d-------- C:\Program Files\musikCube_1.0
2008-08-23 15:49 . 2008-08-23 15:49 <DIR> d-------- C:\Users\Praveaen\AppData\Roaming\Media Player Classic
2008-08-20 17:13 . 2008-08-21 11:43 <DIR> d-------- C:\Users\Praveaen\RAVI DULANI
2008-08-20 16:52 . 2008-09-13 19:45 <DIR> d-------- C:\AV-CLS
2008-08-20 16:42 . 2008-08-20 16:43 <DIR> d-------- C:\Users\All Users\Rising
2008-08-20 16:42 . 2008-08-20 16:43 <DIR> d-------- C:\ProgramData\Rising
2008-08-20 16:42 . 2008-08-20 16:42 27 --a------ C:\WINDOWS\Language.ini
2008-08-20 16:42 . 2008-08-20 16:42 25 --a------ C:\WINDOWS\Rav.ini
2008-08-20 16:15 . 2008-08-20 16:15 <DIR> d-------- C:\Users\Praveaen\DoctorWeb

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-09-18 13:03 --------- d---a-w C:\ProgramData\TEMP
2008-09-18 08:43 --------- d-----w C:\ProgramData\Symantec
2008-09-18 07:48 --------- d-----w C:\Program Files\Spyware Doctor
2008-09-17 13:08 --------- d-----w C:\ProgramData\Google Updater
2008-09-16 14:05 --------- d-----w C:\Program Files\Buddy Spy
2008-09-16 11:15 --------- d-----w C:\Program Files\Common Files\Wise Installation Wizard
2008-09-14 10:26 --------- d-----w C:\Program Files\ZD Soft
2008-09-11 14:05 --------- d-----w C:\Program Files\Yahoo!
2008-09-11 12:09 174 --sha-w C:\Program Files\desktop.ini
2008-09-10 21:34 --------- d-----w C:\ProgramData\Microsoft Help
2008-09-10 07:53 --------- d-----w C:\ProgramData\Apple Computer
2008-09-10 07:50 --------- d-----w C:\Program Files\QuickTime
2008-09-10 07:50 --------- d-----w C:\Program Files\Common Files\Apple
2008-08-27 08:07 --------- d-----w C:\Program Files\Norton Internet Security
2008-08-27 07:49 --------- d-----w C:\Program Files\YIntaib
2008-08-27 07:48 --------- d-----w C:\Program Files\Oberon Media
2008-08-27 07:26 --------- d-----w C:\Program Files\Microsoft Works
2008-08-16 11:33 --------- d-----w C:\Program Files\Captured
2008-08-16 01:52 --------- d-----w C:\Program Files\Windows Mail
2008-08-15 19:02 0 ---ha-w C:\Windows\system32\drivers\Msft_User_WpdFs_01_00_00.Wdf
2008-08-15 15:24 --------- d-----w C:\Program Files\Google
2008-08-15 15:19 --------- d-----w C:\Program Files\DivX
2008-08-15 15:16 --------- d-----w C:\Program Files\Metasploit
2008-08-15 15:14 --------- d-----w C:\Program Files\VideoLAN
2008-08-14 10:56 --------- d-----w C:\Program Files\NuMega
2008-08-14 10:54 --------- d-----w C:\Users\Praveaen\AppData\Roaming\LimeWire
2008-08-14 08:17 --------- d-----w C:\Program Files\Fineware
2008-08-14 06:21 --------- d-----w C:\Program Files\Laplink Everywhere
2008-08-14 06:20 --------- d-----w C:\Program Files\Laplink
2008-08-14 06:20 --------- d-----w C:\Program Files\Common Files\InstallShield
2008-08-14 05:59 --------- d-----w C:\Users\Praveaen\AppData\Roaming\Apple Computer
2008-08-13 10:02 --------- d-----w C:\Users\Praveaen\AppData\Roaming\FreeCap
2008-08-13 07:27 --------- d-----w C:\Users\Praveaen\AppData\Roaming\vlc
2008-08-12 13:19 --------- d-----w C:\Program Files\VirtualDub
2008-08-12 13:01 --------- d-----w C:\Program Files\plugins
2008-08-12 11:25 --------- d-----w C:\ProgramData\Roxio
2008-08-12 11:24 --------- d-----w C:\Program Files\Common Files\Sonic Shared
2008-08-12 11:08 0 ----a-w C:\Users\Praveaen\AppData\Roaming\wklnhst.dat
2008-08-12 11:08 --------- d-----w C:\Users\Praveaen\AppData\Roaming\Template
2008-08-12 10:38 --------- d-----w C:\Program Files\Foxit Software
2008-08-12 09:34 --------- d-----w C:\Program Files\Windows Live
2008-08-11 15:18 --------- d-----w C:\Program Files\LimeWire
2008-08-11 13:27 --------- d-----w C:\ProgramData\WindowsSearch
2008-08-11 11:29 --------- d-----w C:\Program Files\Microsoft.NET
2008-08-10 16:44 --------- d-----w C:\Program Files\LimeWire Acceleration Patch
2008-08-10 16:11 --------- d-----w C:\Program Files\Cobian Backup 8
2008-08-07 08:47 --------- d-----w C:\Program Files\SP36869
2008-08-06 10:59 --------- d-----w C:\Users\Praveaen\AppData\Roaming\CyberLink
2008-08-05 11:54 --------- d-----w C:\ProgramData\Apple
2008-08-05 11:54 --------- d-----w C:\Program Files\Safari
2008-08-05 11:14 355,584 ----a-w C:\Windows\System32\TuneUpDefragService.exe
2008-08-05 11:14 --------- d-----w C:\Users\Praveaen\AppData\Roaming\TuneUp Software
2008-08-05 11:14 --------- d-----w C:\ProgramData\TuneUp Software
2008-08-05 11:14 --------- d-----w C:\Program Files\TuneUp Utilities 2008
2008-08-05 10:38 --------- d-----w C:\Program Files\Minilyrics
2008-08-05 08:37 --------- d-----w C:\Users\Praveaen\AppData\Roaming\Talkback
2008-08-05 06:58 --------- d-----w C:\Program Files\Sun
2008-08-05 06:58 --------- d-----w C:\Program Files\Java
2008-08-05 06:11 --------- d-----w C:\Users\Praveaen\AppData\Roaming\PC Tools
2008-08-04 08:37 --------- d-----w C:\Program Files\Windows Sidebar
2008-08-04 08:37 --------- d-----w C:\Program Files\Windows Photo Gallery
2008-08-04 08:37 --------- d-----w C:\Program Files\Windows Journal
2008-08-04 08:37 --------- d-----w C:\Program Files\Windows Collaboration
2008-08-04 08:37 --------- d-----w C:\Program Files\Windows Calendar
2008-08-04 08:36 --------- d-----w C:\Program Files\Windows Defender
2008-08-04 08:13 82,432 ----a-w C:\Windows\System32\axaltocm.dll
2008-08-04 08:13 101,888 ----a-w C:\Windows\System32\ifxcardm.dll
2008-08-02 13:28 --------- d-----w C:\ProgramData\Yahoo!
2008-08-02 11:24 --------- d-----w C:\Program Files\Microsoft CAPICOM 2.1.0.2
2008-08-02 11:22 --------- d-----w C:\Program Files\CONEXANT
2008-08-02 10:27 --------- dcsh--w C:\Program Files\Common Files\WindowsLiveInstaller
2008-08-02 10:20 --------- d-----w C:\ProgramData\WLInstaller
2008-08-02 08:17 --------- d-----w C:\Users\Praveaen\AppData\Roaming\HP
2008-08-02 08:17 --------- d-----w C:\ProgramData\HP
2008-08-02 03:34 --------- d-sh--w C:\ProgramData\Templates
2008-08-02 03:34 --------- d-sh--w C:\ProgramData\Start Menu
2008-08-02 03:34 --------- d-sh--w C:\ProgramData\Favorites
2008-08-02 03:34 --------- d-sh--w C:\ProgramData\Documents
2008-08-02 03:34 --------- d-sh--w C:\ProgramData\Desktop
2008-08-02 03:34 --------- d-sh--w C:\ProgramData\Application Data
2008-08-02 03:13 --------- d-----w C:\Program Files\Common Files\Symantec Shared
2008-08-02 02:43 7,964,672 ----a-w C:\Windows\System32\NlsLexicons0024.dll
2008-08-02 02:43 5,499,904 ----a-w C:\Windows\System32\NlsLexicons0022.dll
2008-08-02 02:43 2,136,064 ----a-w C:\Windows\System32\NlsLexicons0021.dll
2008-08-02 02:43 1,808,896 ----a-w C:\Windows\System32\NlsLexicons0046.dll
2008-08-02 02:43 1,793,536 ----a-w C:\Windows\System32\NlsLexicons0045.dll
2008-08-02 02:43 1,782,272 ----a-w C:\Windows\System32\NlsLexicons0039.dll
2008-08-02 02:43 1,558,016 ----a-w C:\Windows\System32\NlsLexicons0049.dll
2008-08-02 02:43 1,411,072 ----a-w C:\Windows\System32\NlsLexicons0047.dll
2008-08-02 02:43 1,236,992 ----a-w C:\Windows\System32\NlsLexicons0020.dll
2008-08-02 02:41 29,184 ----a-w C:\Windows\system32\drivers\BTHUSB.SYS
2008-08-02 02:41 220,160 ----a-w C:\Windows\system32\drivers\bthport.sys
2008-08-02 02:41 19,456 ----a-w C:\Windows\system32\drivers\bthenum.sys
2008-08-02 02:41 181,760 ----a-w C:\Windows\System32\fsquirt.exe
2008-08-02 02:39 988,216 ----a-w C:\Windows\System32\winload.exe
2008-08-02 02:39 927,288 ----a-w C:\Windows\System32\winresume.exe
2008-08-02 02:39 615,992 ----a-w C:\Windows\System32\ci.dll
2008-08-02 02:39 6,656 ----a-w C:\Windows\System32\kbd106n.dll
2008-08-02 02:39 46,592 ----a-w C:\Windows\System32\setbcdlocale.dll
2008-08-02 02:39 40,960 ----a-w C:\Windows\System32\srclient.dll
.
<pre>
----a-w		   325,204 2006-12-21 12:56:28  C:\SwSetup\SP34746\WCAMC\FW_210_Silence Install .exe
----a-w		 4,336,340 2008-09-17 11:31:25  C:\Users\Praveaen\Desktop\[u]0[/u]4. Phir Wohi Raat Hai .exe
</pre>


((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SUPERAntiSpyware"="C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-09-03 1576176]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SynTPEnh"="C:\Program Files\Synaptics\SynTP\SynTPEnh.exe" [2007-09-15 1021224]
"hpWirelessAssistant"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\HPWAMain.exe" [2007-01-10 472776]
"SynTPStart"="C:\Program Files\Synaptics\SynTP\SynTPStart.exe" [2007-09-15 102400]
"osCheck"="c:\Program Files\Norton Internet Security\osCheck.exe" [2006-10-27 22696]
"ccApp"="c:\Program Files\Common Files\Symantec Shared\ccApp.exe" [2006-10-25 107112]
"WAWifiMessage"="C:\Program Files\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe" [2007-01-10 317128]
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" [2008-09-06 413696]
"AppleSyncNotifier"="C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe" [2008-09-08 289576]
"IgfxTray"="C:\Windows\system32\igfxtray.exe" [2008-02-11 141848]
"HotKeysCmds"="C:\Windows\system32\hkcmd.exe" [2008-02-11 166424]
"Persistence"="C:\Windows\system32\igfxpers.exe" [2008-02-11 133656]
"Mouse Suite 98 Daemon"="ICO.EXE" [2006-11-03 C:\WINDOWS\System32\ICO.EXE]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"EnableLUA"= 0 (0x0)
"EnableUIADesktopToggle"= 0 (0x0)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"LogonHoursAction"= 2 (0x2)
"DontDisplayLogonHoursWarnings"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "C:\Program Files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-07-23 16:28 352256 C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=epnxbz.dll nxlelf.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.ZDSV"= scrvid.dll
"vidc.ffds"= C:\PROGRA~1\COMBIN~1\Filters\FFDShow\ff_vfw.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run-]
"swg"=C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
"ISUSPM Startup"=C:\PROGRA~1\COMMON~1\INSTAL~1\UPDATE~1\isuspm.exe -startup
"LimeWire Acceleration Patch"=C:\ProgramData\Microsoft\Windows\Start Menu\Programs\LimeWire Acceleration Patch\LimeWire Acceleration Patch.lnk
"WMPNSCFG"=C:\Program Files\Windows Media Player\WMPNSCFG.exe
"Google Update"="C:\Users\Praveaen\AppData\Local\Google\Update\GoogleUpdate.exe" /c

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run-]
"AppleSyncNotifier"=C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe
"QuickTime Task"="C:\Program Files\QuickTime\QTTask.exe" -atboottime
"HP Software Update"=C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
"HP Health Check Scheduler"=C:\Program Files\Hewlett-Packard\HP Health Check\HPHC_Scheduler.exe
"QlbCtrl"=%ProgramFiles%\Hewlett-Packard\HP Quick Launch Buttons\QlbCtrl.exe /Start
"ISUSScheduler"="C:\Program Files\Common Files\InstallShield\UpdateService\issch.exe" -start
"iTunesHelper"="C:\Program Files\iTunes\iTunesHelper.exe"
"Symantec PIF AlertEng"="C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\PIFSvc.exe" /a /m "C:\Program Files\Common Files\Symantec Shared\PIF\{B8E1DD85-8582-4c61-B58F-2F227FCA9A08}\AlertEng.dll"
"WAWifiMessage"=%ProgramFiles%\Hewlett-Packard\HP Wireless Assistant\WiFiMsg.exe
"QPService"="C:\Program Files\HP\QuickPlay\QPService.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecFirewall]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\DomainProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\FirewallRules]
"{40C905C9-9E34-4BB2-847F-E60DE4BBC1A1}"= UDP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{715FA41C-9C16-437C-A3FD-9428E39375F7}"= TCP:C:\Program Files\HP\QuickPlay\QP.exe:QP
"{F2F326AB-B8A1-4D4D-B89D-475C9670B285}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{AD32B2CE-FD58-46F5-8227-1631D03811BA}"= UDP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{8D4993C9-2FED-4122-89F1-5D356AFF1B4F}"= TCP:C:\Program Files\Yahoo!\Messenger\YahooMessenger.exe:Yahoo! Messenger
"{3EFC3D42-1CB7-44B2-9EF1-FE372B35C77F}"= UDP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{3F1271D1-AB91-4000-A2CB-8549FE8B4EE9}"= TCP:C:\Program Files\Yahoo!\Messenger\YServer.exe:Yahoo! FT Server
"{C9994104-53D8-4894-8E63-90BB31FDAE12}"= C:\Program Files\Windows Live\Messenger\livecall.exe:Windows Live Messenger (Phone)
"{02308A2C-9860-4A22-8DBE-269B7632DACE}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{F034FAFD-2D68-4F21-BCC6-8B23FE68CF88}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{4D00ED28-25B5-4AFA-8F9C-A09FD0E6B03D}"= UDP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{3651566E-9579-4D87-AF26-0C5A1370BBF2}"= TCP:C:\Program Files\LimeWire\LimeWire.exe:LimeWire
"{CAF2E711-C8E0-4525-9C3F-4A7B1CFBE593}"= TCP:6004|C:\Program Files\Microsoft Office\Office12\outlook.exe:Microsoft Office Outlook
"{BA386C85-7287-49B1-9DA2-B80D41687F64}"= UDP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{02E677FE-B539-4DDE-970B-B5D27A7F23EF}"= TCP:C:\Program Files\Bonjour\mDNSResponder.exe:Bonjour
"{D54BEFFA-6F65-46D5-AE87-8D1888A11460}"= UDP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{6DF4AC0C-31CB-49B3-8B76-2D0862942F62}"= TCP:C:\Program Files\iTunes\iTunes.exe:iTunes
"{740E874F-2A73-43A8-82DC-C45FA392AD2B}"= UDP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (TCP-In)
"{2D57C735-8119-4ED3-AB87-D28BEE0359A9}"= TCP:C:\Program Files\BitTorrent\bittorrent.exe:BitTorrent (UDP-In)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\PublicProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\StandardProfile\AUTHORIZEDAPPLICATIONS\LIST]
"C:\\AV-CLS\\WGET.EXE"= C:\AV-CLS\WGET.EXE:*:Enabled:WGET.EXE
"C:\\Program Files\\BitTorrent\\bittorrent.exe"= C:\Program Files\BitTorrent\bittorrent.exe:*:Enabled:BitTorrent

R0 nmfilter;DriverStudio Device Filter;C:\Windows\system32\DRIVERS\nmfilter.sys [2001-11-07 7568]
R0 Siwvid;Siwvid;C:\Windows\system32\drivers\Siwvid.sys [2001-11-07 119658]
R1 IDSvix86;Symantec Intrusion Prevention Driver;C:\PROGRA~2\Symantec\DEFINI~1\SymcData\idsdefs\20080917.005\IDSvix86.sys [2008-09-12 270384]
R2 CAMTHWDM;WebcamMax, WDM Video Capture;C:\Windows\system32\DRIVERS\CAMTHWDM.sys [2008-03-11 941784]
R2 DbgMsg;Debug Message;C:\Windows\system32\drivers\DbgMsg.sys [2001-11-07 18240]
R2 NPF;NetGroup Packet Filter Driver;C:\Windows\system32\drivers\npf.sys [2007-11-07 34064]
R2 SBSDWSCService;SBSD Security Center Service;C:\Program Files\Spybot - Search & Destroy\SDWinSec.exe [2008-07-07 809296]
R2 ServerProxyService;ServerProxyService;C:\Program Files\Laplink Everywhere\ServerProxyService.exe [2005-08-26 131072]
R2 UxTuneUp;TuneUp Theme Extension;C:\Windows\System32\svchost.exe [2008-01-19 21504]
R2 winShadow;winShadow;C:\Program Files\Laplink\winShadow\shwSrvc.exe [2005-08-26 274432]
R3 CnxtHdAudService;Conexant UAA Function Driver for High Definition Audio Service;C:\Windows\system32\drivers\CHDRT32.sys [2008-03-04 188416]
R3 scrcap;scrcap;C:\Windows\system32\DRIVERS\scrcap.sys [2006-12-27 9006]
R3 SYMNDISV;SYMNDISV;C:\Windows\system32\Drivers\SYMNDISV.SYS [2006-10-25 37008]
R3 tenCapture;tenCapture;C:\Windows\system32\DRIVERS\tenCapture.sys [2007-04-21 9344]
S2 StudioPro;StudioPro webcam;C:\Windows\system32\DRIVERS\StudioPro.sys [2007-01-05 120320]
S3 btwavdt;Bluetooth AVDT Service;C:\Windows\system32\DRIVERS\btwavdt.sys [2006-11-21 80176]
S3 EuMusDesignVirtualAudioCableWdm;StudioPro audio (WDM);C:\Windows\system32\DRIVERS\vrtaucbl.sys [2007-04-22 38784]
S3 Flash1;Flash1;C:\Program Files\SP36869\winphlash\Flash1.sys [2006-03-01 3456]
S3 NTice;NTice;C:\Windows\system32\drivers\NTice.sys [2001-11-07 1347462]
S3 ST50220;Sonix ST50220 USB Video Camera Driver;C:\Windows\system32\Drivers\ST50220.sys [2006-11-24 26752]
S3 TuneUp.Defrag;TuneUp Drive Defrag Service;C:\Windows\System32\TuneUpDefragService.exe [2008-08-05 355584]
S4 Siwsym;Siwsym;C:\Windows\system32\drivers\Siwsym.sys [2001-11-07 22900]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\svchost]
bthsvcs REG_MULTI_SZ BthServ

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Svchost - NetSvcs
UxTuneUp

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2701ed45-6e82-11dd-ab34-0016d39b1a31}]
\shell\AutoRun\command - tyktjfww.exe
\shell\explore\Command - tyktjfww.exe
\shell\open\Command - tyktjfww.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2701ed53-6e82-11dd-ab34-0016d39b1a31}]
\shell\AutoRun\command - tyktjfww.exe
\shell\explore\Command - tyktjfww.exe
\shell\open\Command - tyktjfww.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73c409c3-7efc-11dd-af0b-0016d39b1a31}]
\shell\AutoRun\command - G:\System\Security\DriveGuard.exe -run
\shell\Explore\Command - G:\System\Security\DriveGuard.exe -run
\shell\Open\Command - G:\System\Security\DriveGuard.exe -run

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{fea05534-713b-11dd-9bee-0016d39b1a31}]
\shell\AutoRun\command - D:\System\DriveGuard\DriveProtect.exe -run 
\shell\Explore\Command - D:\System\DriveGuard\DriveProtect.exe -run  
\shell\Open\Command - D:\System\DriveGuard\DriveProtect.exe -run 

*Newly Created Service* - CATCHME
*Newly Created Service* - COMHOST
*Newly Created Service* - PROCEXP90

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\{10880D85-AAD9-4558-ABDC-2AB1552D831F}]
"c:\Program Files\Common Files\LightScribe\LSRunOnce.exe"
.
Contents of the 'Scheduled Tasks' folder
.
.
------- Supplementary Scan -------
.
R0 -: HKCU-Main,Start Page = about:blank
R0 -: HKLM-Main,Start Page = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_IN&c=71&bd=Pavilion&pf=laptop
R1 -: HKCU-Internet Settings,ProxyOverride = *.local
O8 -: Add to Google Photos Screensa&ver - C:\Windows\system32\GPhotos.scr/200
O8 -: E&xport to Microsoft Excel - C:\PROGRA~1\MICROS~3\Office12\EXCEL.EXE/3000
.

**************************************************************************

catchme 0.3.1361 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-09-18 18:45:27
Windows 6.0.6001 Service Pack 1 NTFS

scanning hidden processes ...

[0] 0xBA97D2E6
[0] 0x9BC672EF
scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
Completion time: 2008-09-18 18:52:11
ComboFix-quarantined-files.txt 2008-09-18 13:22:02

Pre-Run: 66,973,732,864 bytes free
Post-Run: 66,921,459,712 bytes free

409 --- E O F --- 2008-09-11 07:28:03

#14 miekiemoes

  • Malware Response Team

Posted 18 September 2008 - 08:41 AM

Hi,

Navigate to and delete the following folder:

C:\Program Files\AdScissors

Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2701ed53-6e82-11dd-ab34-0016d39b1a31}]

[-HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2701ed45-6e82-11dd-ab34-0016d39b1a31}]

[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000000
"InternetSettingsDisableNotify"=dword:00000000
"AutoUpdateDisableNotify"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as fix.reg. Choose to save as *all files and place it on your desktop.
Double-click on it and when it asks you if you want to merge the contents to the registry, click yes/ok.
(In case you are unsure how to create a reg file, take a look here with screenshots.)

* Go to start > run and copy and paste the next command in the field:

ComboFix /u

Make sure there's a space between Combofix and /
Then hit enter.

This will uninstall Combofix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files and reset System Restore again.
Then, please run this online scan to help look for remnants.

Establish an internet connection & perform an online scan with Internet Explorer at Kaspersky Online Scanner

Click Accept, when prompted to download and install the program files and database of malware definitions.
  • Click Run at the Security prompt.
  • The program will then begin downloading and installing and will also update the database.
  • Please be patient as this can take several minutes.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.
  • Click the Save Report As... button.
  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply. Also post a new HijackThis log in your next reply.
**Note**

To optimize scanning time and produce a more sensible report for review:
  • Close any open programs.
  • Turn off the real-time scanner of all antivirus or antispyware programs while performing the online scan.
Note for Internet Explorer 7 users: If at any time you have trouble viewing the accept button of the license, click on the Zoom tool located at the bottom right of the IE window and set the zoom to 75%. Once the license is accepted, reset to 100%.
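The three kinds of entry that the fix.reg in the post above resets (AppInit_DLLs, the Security Center *DisableNotify values and the MountPoints2 autorun handlers) can be picked out of a ComboFix "Reg Loading Points" section mechanically. The Python below is an added example, not part of the original post or of ComboFix; the function names and the bare-file-name heuristic are assumptions made for illustration.

```python
import re

# Constructed sample: lines copied from the "Reg Loading Points" section of the
# ComboFix log in this thread, trimmed to the keys the fix.reg touches.
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\security center]
"UacDisableNotify"=dword:00000001
"InternetSettingsDisableNotify"=dword:00000001
"AutoUpdateDisableNotify"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=epnxbz.dll nxlelf.dll

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{2701ed45-6e82-11dd-ab34-0016d39b1a31}]
\shell\AutoRun\command - tyktjfww.exe
\shell\open\Command - tyktjfww.exe

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{73c409c3-7efc-11dd-af0b-0016d39b1a31}]
\shell\AutoRun\command - G:\System\Security\DriveGuard.exe -run
\shell\Open\Command - G:\System\Security\DriveGuard.exe -run
"""

KEY_RE = re.compile(r"^\[(?P<key>[^\]]+)\]$")
VALUE_RE = re.compile(r'^"(?P<name>[^"]+)"=\s*(?P<data>.*)$')
VERB_RE = re.compile(r"^\\shell\\(?P<verb>[^\\]+)\\command - (?P<cmd>.+)$", re.I)
DWORD_RE = re.compile(r"^dword:(?P<hex>[0-9a-f]{8})$", re.I)


def sections(log_text):
    """Yield (lower-cased key, line) for each line under a [key] header."""
    key = None
    for raw in log_text.splitlines():
        line = raw.strip()
        header = KEY_RE.match(line)
        if header:
            key = header["key"].lower()
        elif not line:
            key = None  # a blank line ends the section in this log layout
        elif key:
            yield key, line


def triage(log_text):
    """Collect the three kinds of entry that the fix.reg in this post resets."""
    report = {"appinit_dlls": [], "notify_disabled": [], "autorun": {}}
    for key, line in sections(log_text):
        value, verb = VALUE_RE.match(line), VERB_RE.match(line)
        if value and key.endswith(r"windows nt\currentversion\windows"):
            if value["name"].lower() == "appinit_dlls":
                # DLLs listed here are loaded into processes that load user32.dll.
                report["appinit_dlls"] += value["data"].strip('"').split()
        elif value and key.endswith(r"microsoft\security center"):
            dword = DWORD_RE.match(value["data"].strip())
            if (dword and int(dword["hex"], 16) == 1
                    and value["name"].endswith("DisableNotify")):
                report["notify_disabled"].append(value["name"])
        elif verb and "\\explorer\\mountpoints2\\" in key:
            volume = key.rsplit("\\", 1)[1]
            report["autorun"].setdefault(volume, set()).add(verb["cmd"].strip())
    return report


def bare_autorun_volumes(report):
    """Volumes whose handlers name a file with no drive or directory.

    Heuristic chosen for this example, not a rule stated in the thread.
    """
    return sorted(v for v, cmds in report["autorun"].items()
                  if any("\\" not in c and "/" not in c for c in cmds))


if __name__ == "__main__":
    result = triage(SAMPLE_LOG)
    print("AppInit_DLLs:", result["appinit_dlls"])
    print("Security Center alerts off:", result["notify_disabled"])
    print("Bare-name autorun handlers:", bare_autorun_volumes(result))
```

Running the same function over a log taken after the merge gives a quick before/after comparison: an emptied `"AppInit_DLLs"=""` line produces no AppInit finding.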

#15 praveaen

  • Topic Starter

Posted 18 September 2008 - 08:48 AM

I have also decided to uninstall norton as the subscription expires in 3 or 4 days. I will go for Zone Alarm Internet suite or Bit Defender Free. What would be your advice?
Zone Alarm is on my other laptop (a MACBOOK) but on win xp on dual boot. While in XP zone alarm on that laptop suddenly shows some warning that COMPMddb or some such thing process is taking over MOUSE and Keyboard functions and system freezes.
I have to press power button down to shut down. Never seen that before. Would you be kind enough to look at the HJT log on that laptop as well?



