
Help Computer infected - MS Auto Updates Disabled



#1 sofiabpm


Posted 10 December 2008 - 12:13 PM

I noticed a few days ago that my computer is very slow and is constantly getting pop-up windows regardless of which browser I am on.
I read up and tried to remove a bunch of Trojan horses and Vundo viruses, but they seem to keep coming back.
I have CCleaner, AdsGone, SAV 10 and Spybot. I ran them all in safe mode and normal mode, but it is still there.
I found the ComboFix tool and ran it today.
I would like someone to help me with the cleanup.

Thanks in advance



#2 sofiabpm


Posted 10 December 2008 - 12:26 PM

Here is the log:



ComboFix 08-12-09.03 - Administrator 2008-12-10 10:26:44.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.100 [GMT -6:00]
Running from: c:\documents and settings\Administrator\Desktop\ComboFix.exe
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\system32\ddcArQih.dll
c:\windows\system32\gdsvlwne.dll
c:\windows\system32\ghqmcfav.dll
c:\windows\system32\hiQrAcdd.ini
c:\windows\system32\hiQrAcdd.ini2
c:\windows\system32\laiufced.ini
c:\windows\system32\sfrlyjdp.ini
c:\windows\system32\vafcmqhg.ini
c:\windows\system32\yitxlt.dll

.
((((((((((((((((((((((((( Files Created from 2008-11-10 to 2008-12-10 )))))))))))))))))))))))))))))))
.

2008-12-10 10:39 . 2008-12-10 10:39 295,424 --a------ c:\windows\system32\yayyWnop.dll
2008-12-10 10:39 . 2008-12-10 10:39 369 --ahs---- c:\windows\system32\ponWyyay.ini2
2008-12-10 10:39 . 2008-12-10 10:42 369 --ahs---- c:\windows\system32\ponWyyay.ini
2008-12-09 14:38 . 2008-12-10 10:35 <DIR> d-------- c:\windows\system32\CatRoot2
2008-12-07 13:42 . 2008-10-16 14:07 23,576 --a------ c:\windows\system32\wuapi.dll.mui
2008-12-07 10:07 . 2008-12-07 10:16 <DIR> d-------- c:\program files\TeaTimer (Spybot - Search & Destroy)
2008-12-07 10:07 . 2008-12-07 10:16 <DIR> d-------- c:\program files\SDHelper (Spybot - Search & Destroy)
2008-12-07 10:07 . 2008-12-07 10:07 <DIR> d-------- c:\program files\Misc. Support Library (Spybot - Search & Destroy)
2008-12-07 10:07 . 2008-12-07 10:07 <DIR> d-------- c:\program files\File Scanner Library (Spybot - Search & Destroy)
2008-12-06 20:26 . 2008-12-06 20:26 36,864 --a------ c:\windows\system32\wvUMfdcA.dll
2008-11-29 12:10 . 2008-11-29 12:10 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Snapfish
2008-11-17 14:04 . 2008-11-17 14:04 2,306,113 --a------ c:\windows\system32\GPhotos.scr

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2008-12-10 16:38 --------- d-----w c:\program files\Symantec AntiVirus
2008-12-10 15:41 1,637 ----a-w C:\swlist.reg
2008-12-09 23:27 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2008-12-07 20:54 --------- d-----w c:\program files\SatelliteTVforPC
2008-12-07 20:53 --------- d-----w c:\program files\Yahoo!
2008-12-07 20:23 --------- d-----w c:\documents and settings\Administrator\Application Data\Skype
2008-12-07 20:18 --------- d-----w c:\documents and settings\Administrator\Application Data\skypePM
2008-12-07 20:02 --------- d-----w c:\program files\Spybot - Search & Destroy
2008-12-07 02:17 --------- d-----w c:\documents and settings\Administrator\Application Data\LimeWire
2008-12-06 23:43 --------- d-----w c:\program files\LimeWire
2008-12-04 02:59 --------- d-----w c:\program files\Google
2008-11-01 00:22 --------- d-----w c:\documents and settings\Administrator\Application Data\Juniper Networks
2008-10-24 11:10 453,632 ----a-w c:\windows\system32\drivers\mrxsmb.sys
2008-10-16 20:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 20:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 20:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 20:12 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 20:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 20:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 20:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 20:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-10 12:07 --------- d-----w c:\documents and settings\All Users\Application Data\Juniper Networks
2008-10-05 23:52 7,167 ----a-w c:\documents and settings\.limewire\downloads.dat
2008-10-05 23:52 381,561 ----a-w c:\documents and settings\.limewire\spam.dat
2008-10-05 23:52 1,089 ----a-w c:\documents and settings\.limewire\library.dat
2008-09-30 22:43 1,286,152 ----a-w c:\windows\system32\msxml4.dll
2008-09-15 11:57 1,846,016 ----a-w c:\windows\system32\win32k.sys
2007-12-29 16:05 32 ----a-w c:\documents and settings\All Users\Application Data\ezsid.dat
2007-03-11 03:28 62,808 ----a-w c:\documents and settings\Administrator\Application Data\GDIPFONTCACHEV1.DAT
2005-07-10 14:33 62,416 ----a-w c:\documents and settings\yanchev\Application Data\GDIPFONTCACHEV1.DAT
1989-12-12 16:10 1,060,000 --sh--r c:\windows\bkjjgaj.exe
1989-12-12 15:10 830,000 --sh--r c:\windows\cslgiwk.exe
1989-12-12 15:10 740,000 --sh--r c:\windows\wwsnhuz.exe
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{4BC5D57B-E4CA-4749-9871-76DFE10FCB8B}]
2008-12-10 10:39 295424 --a------ c:\windows\system32\yayyWnop.dll

[HKEY_LOCAL_MACHINE\~\Browser Helper Objects\{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}]
2008-12-06 20:26 36864 --a------ c:\windows\system32\wvUMfdcA.dll

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"DeeEnEs"="H:\DeeEnEs.exe" [2005-01-01 151552]
"SpybotSD TeaTimer"="c:\program files\Spybot - Search & Destroy\TeaTimer.exe" [2008-09-16 1833296]
"googletalk"="c:\program files\Google\Google Talk\googletalk.exe" [2007-01-01 3739648]
"NvMediaCenter"="c:\windows\system32\NVMCTRAY.DLL" [2003-07-28 49152]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2004-08-04 15360]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"UserFaultCheck"="c:\windows\system32\dumprep 0 -u" [X]
"KONICA MINOLTA PagePro 1350WStatusDisplay"="c:\windows\system32\MSTMON_Q.EXE" [2003-11-18 163840]
"EPSON Stylus CX6400"="c:\windows\System32\spool\DRIVERS\W32X86\3\E_S4I2L1.EXE" [2003-06-02 99840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2005-05-31 180269]
"DAEMON Tools-1033"="c:\program files\D-Tools\daemon.exe" [2004-08-22 81920]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2005-10-18 278528]
"NvCplDaemon"="c:\windows\system32\NvCpl.dll" [2003-07-28 4841472]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"OFFICEKB"="c:\program files\Micro Innovations\Keyboard\kbdap32a.EXE" [2006-12-26 383488]
"FLMOFFICE4DMOUSE"="c:\program files\Micro Innovations\Mouse\mouse32a.exe" [2006-12-26 356352]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"ViewMgr"="c:\program files\Viewpoint\Viewpoint Manager\ViewMgr.exe" [2007-01-04 112336]
"DAEMON Tools"="c:\program files\DAEMON Tools\daemon.exe" [2006-11-12 157592]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-09-01 282624]

c:\documents and settings\Administrator\Start Menu\Programs\Startup\
goScreen.lnk - c:\program files\goScreen\goScreen.exe [2005-12-18 409600]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
AdsGone 2006.lnk - c:\program files\AdsGone\adsgone.exe [2002-07-02 1372160]

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{6D794CB4-C7CD-4c6f-BFDC-9B77AFBDC02C}"= "c:\windows\system32\wvUMfdcA.dll" [2008-12-06 36864]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wvUMfdcA]
2008-12-06 20:26 36864 c:\windows\system32\wvUMfdcA.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=ygapzs.dll ktcsgx.dll gcqwue.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\drivers32]
"VIDC.I420"= i420vfw.dll
"VIDC.X264"= x264vfw.dll
"VIDC.HFYU"= huffyuv.dll
"vidc.i263"= i263_32.drv
"msacm.l3fhg"= mp3fhg.acm
"msacm.imc"= imc32.acm
"msacm.divxa32"= divxa32.acm

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 c:\windows\system32\yayyWnop

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Acrobat Assistant.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Acrobat Assistant.lnk
backup=c:\windows\pss\Acrobat Assistant.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Microsoft Office.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Microsoft Office.lnk
backup=c:\windows\pss\Microsoft Office.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Monitor Apache Servers.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Monitor Apache Servers.lnk
backup=c:\windows\pss\Monitor Apache Servers.lnkCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^SNMP Logging Client.lnk]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\SNMP Logging Client.lnk
backup=c:\windows\pss\SNMP Logging Client.lnkCommon Startup

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
--a------ 2005-03-04 02:36 36975 c:\program files\Java\jre1.5.0_02\bin\jusched.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Wise-FTP Scheduler]
--a------ 2003-08-29 16:35 1246720 c:\program files\AceBIT\WISE-FTP\WF_Scheduler.exe

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
--a------ 2007-08-30 17:43 4670704 c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\BluetoothAuthenticationAgent]
--a------ 2004-08-04 01:56 110592 c:\windows\system32\bthprops.cpl

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\nwiz]
--a------ 2003-07-28 15:19 323584 c:\windows\system32\nwiz.exe

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\AdsGone\\adsgone.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Google\\Google Talk\\googletalk.exe"=
"c:\\Program Files\\Xpress Mail\\Personal Edition\\XpressMailDesktopClient.exe"=
"c:\\Documents and Settings\\Administrator\\Desktop\\New Folder (3)\\WWLib\\WallWatcher.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\\Program Files\\Kazaa Lite Resurrection\\kazaalite.kpp"=
"c:\\WINDOWS\\system32\\ftp.exe"=
"c:\\Program Files\\AceBIT\\WISE-FTP\\wise_ftp.exe"=
"c:\\Program Files\\Microsoft Office\\Office10\\WINWORD.EXE"=
"c:\\Program Files\\SvS\\Log Viewer\\logview.exe"=
"c:\\Program Files\\SvS\\Log Viewer\\lvsnmp.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YServer.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\AR System\\User\\alert.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\uTorrent\\utorrent.exe"=
"c:\\Program Files\\Common Files\\Ahead\\Nero Web\\SetupX.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Core\\nero.exe"=
"c:\\Program Files\\Nero\\Nero 7\\Nero Home\\NeroHome.exe"=
"k:\\EDrive\\Program Files\\BitComet\\BitComet.exe"=
"c:\\Program Files\\RealVNC\\VNC4\\winvnc4.exe"=
"c:\\Program Files\\Syslogd\\Syslogd.exe"=
"c:\\Documents and Settings\\Administrator\\Application Data\\Juniper Networks\\Juniper Terminal Services Client\\dsTermServ.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"162:UDP"= 162:UDP:SNMP Trap
"123:UDP"= 123:UDP:Network Time Protocol
"3389:TCP"= 3389:TCP:@xpsp2res.dll,-22009
"9420:TCP"= 9420:TCP:Red Swoosh
"5000:UDP"= 5000:UDP:Red Swoosh
"32656:TCP"= 32656:TCP:kaaza

R2 MLPTDR_Q;MLPTDR_Q;\??\c:\windows\system32\MLPTDR_Q.SYS [2003-07-22 18848]
R2 Viewpoint Manager Service;Viewpoint Manager Service;"c:\program files\Viewpoint\Common\ViewpointService.exe" [2007-01-13 24652]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;\??\c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-12-07 99376]
R3 N100;Compaq Ethernet or Fast Ethernet NIC Driver;c:\windows\system32\DRIVERS\n100325.sys [2005-03-13 128000]
S2 IPSECEXT;Nortel Extranet Access Protocol;c:\windows\system32\DRIVERS\ipsecw2k.sys [2005-03-13 110848]
S3 ExtranetAccess;Contivity VPN Service;"c:\program files\Motorola MVP\Extranet_serv.exe" [2005-03-13 561152]
S3 SavRoam;SAVRoam;"c:\program files\Symantec AntiVirus\SavRoam.exe" [2005-11-15 169200]
.
Contents of the 'Scheduled Tasks' folder

2008-11-20 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-08-29 14:21]
.
- - - - ORPHANS REMOVED - - - -

BHO-{16B238D5-80DE-47CE-8F17-B3ECE2C2248D} - (no file)
BHO-{4C337B6B-32E1-4256-A248-805DF5FB54D6} - (no file)
BHO-{8ea59f2f-35ff-4b49-9dc9-de469dc1c891} - c:\windows\system32\yitxlt.dll
BHO-{B8A345FD-AA45-4604-8EDE-9D503EAE0BD4} - (no file)
BHO-{bb110eb1-bb69-4637-b25e-1a331b86117f} - (no file)
BHO-{D9270094-E6B2-4168-98AC-122ECC78F3C4} - c:\windows\system32\ddcArQih.dll


.
------- Supplementary Scan -------
.
mSearch Bar = about:blank
uInternet Settings,ProxyServer = wwwgate0.mot.com:1080
uInternet Settings,ProxyOverride = *.mot.com;il27rlx01;il27rlx01-admin;<local>
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &D&ownload &with BitComet - k:\edrive\Program Files\BitComet\BitComet.exe/AddLink.htm
IE: &D&ownload all video with BitComet - k:\edrive\Program Files\BitComet\BitComet.exe/AddVideo.htm
IE: &D&ownload all with BitComet - k:\edrive\Program Files\BitComet\BitComet.exe/AddAllLink.htm
IE: &Google Search
IE: &Translate English Word
IE: Add to Google Photos Screensa&ver - c:\windows\system32\GPhotos.scr/200
IE: Backward Links
IE: Cached Snapshot of Page
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office10\EXCEL.EXE/3000
IE: Similar Pages
IE: Translate Page into English
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\AdsGone\adsgone
IE: {{ECC5777A-6E88-BFCE-13CE-81F134789E7B} - c:\program files\AdsGone\adsgone -

O16 -: Microsoft XML Parser for Java - c:\windows\Downloaded Program Files\Microsoft XML Parser for Java.osd

O16 -: {15589FA1-C456-11CE-BF01-000000000000}

c:\windows\system32\mfc70u.dll - c:\program files\Windows Resource Kits\Tools\msvcr70.dll
c:\windows\system32\msvcr71.dll
c:\program files\Windows Resource Kits\Tools\msvcp70.dll
c:\windows\Downloaded Program Files\VideoViewerZH.dll
c:\windows\Downloaded Program Files\VideoViewerJA.dll
c:\windows\Downloaded Program Files\VideoViewerFR.dll
c:\windows\Downloaded Program Files\VideoViewerES.dll
c:\windows\Downloaded Program Files\VideoViewerDE.dll
c:\windows\Downloaded Program Files\AvctKeyboard.dll
c:\windows\Downloaded Program Files\AvctInterfaceViewer.dll
c:\windows\Downloaded Program Files\AvctInterfaceViewerImpl.dll
c:\windows\Downloaded Program Files\VideoViewer.ocx
O16 -: {43E4476A-6C11-4274-AFA4-DF665B26EAE0}
hxxps://il27imdb01-admin.cig.mot.com/plugins/vkvm/ActiveXVideoViewer.cab
c:\windows\Downloaded Program Files\ActiveXViewer.inf

c:\windows\Downloaded Program Files\xcliacc_x86.dll - O16 -: {9A04E3F0-3BB2-11D2-91E2-00C04FAEC46B}
hxxp://meet-amer.mot.com/ConferencingBin/xcliacc.cab
c:\windows\Downloaded Program Files\xcliacc.inf
FireFox -: Profile - c:\documents and settings\Administrator\Application Data\Mozilla\Firefox\Profiles\c99i3jn3.default\
FF -: plugin - c:\program files\Adobe\Acrobat 6.0\Acrobat\browser\nppdf32.dll
FF -: plugin - c:\program files\DivX\DivX Content Uploader\npUpload.dll
FF -: plugin - c:\program files\Google\Picasa3\npPicasa3.dll
FF -: plugin - c:\program files\Mozilla Firefox\plugins\npmozax.dll
FF -: plugin - c:\program files\Viewpoint\Viewpoint Media Player\npViewpoint.dll
FF -: plugin - c:\program files\Yahoo!\Shared\npYState.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2008-12-10 10:38:42
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...


c:\windows\system32\ponWyyay.ini 369 bytes
c:\windows\system32\ponWyyay.ini2 369 bytes
c:\windows\system32\yayyWnop.dll 295424 bytes executable

scan completed successfully
hidden files: 3

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(1152)
c:\windows\system32\wvUMfdcA.dll

- - - - - - - > 'explorer.exe'(256)
c:\windows\system32\xnydhrun.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Common Files\Symantec Shared\ccSetMgr.exe
c:\program files\Common Files\Symantec Shared\SPBBC\SPBBCSvc.exe
c:\program files\Common Files\Symantec Shared\ccEvtMgr.exe
c:\windows\system32\CTSVCCDA.EXE
c:\program files\Symantec AntiVirus\DefWatch.exe
c:\windows\system32\nvsvc32.exe
c:\program files\Symantec AntiVirus\Rtvscan.exe
c:\program files\RealVNC\VNC4\winvnc4.exe
c:\windows\system32\wscntfy.exe
c:\program files\iPod\bin\iPodService.exe
c:\program files\Symantec AntiVirus\DoScan.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
c:\windows\system32\rundll32.exe
.
**************************************************************************
.
Completion time: 2008-12-10 10:47:19 - machine was rebooted [Administrator]
ComboFix-quarantined-files.txt 2008-12-10 16:46:56
ComboFix2.txt 2008-12-09 20:05:49

Pre-Run: 22,721,273,856 bytes free
Post-Run: 22,760,202,240 bytes free

289 --- E O F --- 2008-12-09 20:41:05

#3 kahdah

  • Security Colleague

Posted 17 December 2008 - 07:43 AM

Hello sofiabpm

Welcome to BleepingComputer
========================
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double-click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized).

Please do not PM for help; post it in the forums instead.

If I am helping you and have not responded for 48 hours, please send me a PM, as I don't always get notifications.

My help is always free; however, if you would like to make a donation to me for the help I have provided, please click here.



