Vundo Trojan Infection


This topic is locked
8 replies to this topic

#1 stys82

  • Members
  • 4 posts

Posted 12 January 2009 - 11:02 PM

Hello all,
My computer has been infected with the Vundo Trojan. I have run VundoFix.exe, MBAM, and SuperAntiSpyware. I am left with one registry key, MS Juan, which none of the programs I have tried have been able to delete. I've also tried to remove the key manually with no success. Here are my MBAM and DDS log files:

_____________________________________________________________________________________________

DDS (Ver_09-01-07.01) - NTFSx86
Run by Taryn Stys at 20:46:56.07 on Mon 01/12/2009
Internet Explorer: 7.0.5730.11 BrowserJavaVersion: 1.6.0_11
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1339 [GMT -7:00]

AV: Symantec AntiVirus Corporate Edition *On-access scanning enabled* (Updated)

============== Running Processes ===============

C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\system32\svchost -k DcomLaunch
svchost.exe
C:\WINDOWS\System32\svchost.exe -k netsvcs
svchost.exe
svchost.exe
C:\Program Files\Common Files\Symantec Shared\ccSetMgr.exe
C:\Program Files\Common Files\Symantec Shared\ccEvtMgr.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\system32\LEXPPS.EXE
C:\Program Files\Common Files\Apple\Mobile Device Support\bin\AppleMobileDeviceService.exe
C:\Program Files\Bonjour\mDNSResponder.exe
C:\Program Files\Symantec AntiVirus\DefWatch.exe
C:\Program Files\Java\jre6\bin\jqs.exe
C:\Program Files\Common Files\LightScribe\LSSrvc.exe
C:\Program Files\OpenCase\OpenCASE Media Agent\MediaAgent.exe
C:\WINDOWS\system32\Ati2evxx.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdController.exe
C:\WINDOWS\system32\svchost.exe -k imgsvc
C:\Program Files\RosettaStoneLtdServices\RosettaStoneLtdServer.exe
C:\Program Files\Symantec AntiVirus\Rtvscan.exe
C:\Program Files\ATI Technologies\ATI Control Panel\atiptaxx.exe
C:\Program Files\Synaptics\SynTP\SynTPLpr.exe
C:\Program Files\Synaptics\SynTP\SynTPEnh.exe
C:\Program Files\HPQ\Quick Launch Buttons\EabServr.exe
C:\WINDOWS\system32\spool\drivers\w32x86\3\hpztsb04.exe
C:\WINDOWS\system32\hphmon03.exe
C:\Program Files\Common Files\Symantec Shared\ccApp.exe
C:\PROGRA~1\SYMANT~1\VPTray.exe
C:\Program Files\Java\jre6\bin\jusched.exe
C:\Program Files\StorageSync\StrgSync.exe
C:\Program Files\Hp\HP Software Update\HPWuSchd2.exe
C:\Program Files\Common Files\Real\Update_OB\realsched.exe
C:\Program Files\QuickTime\QTTask.exe
C:\Program Files\iTunes\iTunesHelper.exe
C:\Program Files\Lexmark 1200 Series\lxczbmgr.exe
C:\Program Files\Lexmark 1200 Series\lxczbmon.exe
C:\Program Files\Messenger\msmsgs.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\Ahead\Lib\NMBgMonitor.exe
C:\Program Files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe
C:\Program Files\Microsoft ActiveSync\Wcescomm.exe
C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
C:\PROGRA~1\MI3AA1~1\rapimgr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.exe
C:\Program Files\Common Files\Ahead\Lib\NMIndexStoreSvr.exe
C:\Program Files\OpenOffice.org 3\program\soffice.bin
C:\WINDOWS\system32\wscntfy.exe
C:\Program Files\iPod\bin\iPodService.exe
C:\WINDOWS\System32\svchost.exe -k HTTPFilter
C:\Program Files\Mozilla Firefox 3 Beta 2\firefox.exe
C:\Program Files\Trend Micro\HijackThis\HijackThis.exe
C:\Documents and Settings\Taryn Stys\My Documents\Downloads\dds.scr

============== Pseudo HJT Report ===============

uSearch Page = hxxp://www.google.com
uSearch Bar = hxxp://home.peoplepc.com/search
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
mSearchAssistant = hxxp://home.peoplepc.com/search
uURLSearchHooks: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: &Yahoo! Toolbar Helper: {02478d38-c3f9-4efb-9b51-7695eca05670} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
BHO: NoExplorer - No File
BHO: RealPlayer Download and Record Plugin for Internet Explorer: {3049c3e9-b461-4bc5-8870-4c09146192ca} - c:\program files\real\realplayer\rpbrowserrecordplugin.dll
BHO: Java™ Plug-In SSV Helper: {761497bb-d6f0-462c-b6eb-d4daf1d92d43} - c:\program files\java\jre6\bin\ssv.dll
BHO: Google Toolbar Helper: {aa58ed58-01dd-4d91-8333-cf10577473f7} - c:\program files\google\googletoolbar3.dll
BHO: Google Toolbar Notifier BHO: {af69de43-7d58-4638-b6fa-ce66b5ad205d} - c:\program files\google\googletoolbarnotifier\3.1.807.1746\swg.dll
BHO: Java™ Plug-In 2 SSV Helper: {dbc80044-a445-435b-bc74-9c25c1c588a9} - c:\program files\java\jre6\bin\jp2ssv.dll
TB: &Google: {2318c2b1-4965-11d4-9b18-009027a5cd4f} - c:\program files\google\googletoolbar3.dll
TB: Yahoo! Toolbar: {ef99bd32-c1fb-11d2-892f-0090271d4f88} - c:\program files\yahoo!\companion\installs\cpn0\yt.dll
TB: MSN Toolbar: {1e61ed7c-7cb8-49d6-b9e9-ab4c880c8414} - c:\program files\msn\toolbar\3.0.0988.2\msneshellx.dll
TB: {4982D40A-C53B-4615-B15B-B5B5E98D167C} - No File
TB: {F0F8ECBE-D460-4B34-B007-56A92E8F84A7} - No File
TB: {A8FB8EB3-183B-4598-924D-86F0E5E37085} - No File
TB: {604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - No File
EB: Real.com: {fe54fa40-d68c-11d2-98fa-00c0f0318afe} - c:\windows\system32\Shdocvw.dll
uRun: [MSMSGS] "c:\program files\messenger\msmsgs.exe" /background
uRun: [ctfmon.exe] c:\windows\system32\ctfmon.exe
uRun: [BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}] "c:\program files\common files\ahead\lib\NMBgMonitor.exe"
uRun: [swg] c:\program files\google\googletoolbarnotifier\GoogleToolbarNotifier.exe
uRun: [H/PC Connection Agent] "c:\program files\microsoft activesync\Wcescomm.exe"
uRun: [FLV Downloader] c:\program files\moyea\youtube flv downloader\FLVDownloader.exe
uRun: [SUPERAntiSpyware] c:\program files\superantispyware\SUPERAntiSpyware.exe
mRun: [ATIPTA] c:\program files\ati technologies\ati control panel\atiptaxx.exe
mRun: [SynTPLpr] c:\program files\synaptics\syntp\SynTPLpr.exe
mRun: [SynTPEnh] c:\program files\synaptics\syntp\SynTPEnh.exe
mRun: [eabconfg.cpl] c:\program files\hpq\quick launch buttons\EabServr.exe /Start
mRun: [LSBWatcher] c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe
mRun: [Cpqset] c:\program files\hpq\default settings\cpqset.exe
mRun: [HPDJ Taskbar Utility] c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe
mRun: [HPHmon03] c:\windows\system32\hphmon03.exe
mRun: [ccApp] "c:\program files\common files\symantec shared\ccApp.exe"
mRun: [vptray] c:\progra~1\symant~1\VPTray.exe
mRun: [masqform.exe] c:\program files\imt_viewer\masqform.exe -RunOnce
mRun: [NeroFilterCheck] c:\program files\common files\ahead\lib\NeroCheck.exe
mRun: [Adobe Photo Downloader] "c:\program files\adobe\photoshop album starter edition\3.2\apps\apdproxy.exe"
mRun: [SunJavaUpdateSched] "c:\program files\java\jre6\bin\jusched.exe"
mRun: [StrgSync.exe] c:\program files\storagesync\StrgSync.exe -w
mRun: [HP Software Update] c:\program files\hp\hp software update\HPWuSchd2.exe
mRun: [TkBellExe] "c:\program files\common files\real\update_ob\realsched.exe" -osboot
mRun: [AppleSyncNotifier] c:\program files\common files\apple\mobile device support\bin\AppleSyncNotifier.exe
mRun: [QuickTime Task] "c:\program files\quicktime\QTTask.exe" -atboottime
mRun: [iTunesHelper] "c:\program files\itunes\iTunesHelper.exe"
mRun: [Lexmark 1200 Series] "c:\program files\lexmark 1200 series\lxczbmgr.exe"
mRun: [Adobe Reader Speed Launcher] "c:\program files\adobe\reader 9.0\reader\Reader_sl.exe"
StartupFolder: c:\docume~1\taryns~1\startm~1\programs\startup\openof~1.lnk - c:\program files\openoffice.org 3\program\quickstart.exe
uPolicies-explorer: SecurityTab = 1 (0x1)
IE: &AOL Toolbar search - c:\program files\aol toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\micros~4\office11\EXCEL.EXE/3000
IE: StumbleUpon: &Blog This - StumbleUponIEBar.dll/blogimage
IE: {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe
IE: {FB5F1910-F110-11d2-BB9E-00C04F795683} - c:\program files\messenger\msmsgs.exe
IE: {2EAF5BB1-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {2EAF5BB2-070F-11D3-9307-00C04FAE2D4F} - {2EAF5BB0-070F-11D3-9307-00C04FAE2D4F} - c:\progra~1\mi3aa1~1\INetRepl.dll
IE: {CD67F990-D8E9-11d2-98FE-00C0F0318AFE} - {FE54FA40-D68C-11d2-98FA-00C0F0318AFE} - c:\windows\system32\Shdocvw.dll
Trusted Zone: af.mil\mail.langley
Trusted Zone: stumbleupon.com
TCP: {413227F0-2EA2-4DF4-88F4-621B73F678D2} = 208.67.222.222,208.67.220.222
Notify: !SASWinLogon - c:\program files\superantispyware\SASWINLO.dll
Notify: AtiExtEvent - Ati2evxx.dll
Notify: NavLogon - c:\windows\system32\NavLogon.dll
AppInit_DLLs: vyllvb.dll
SSODL: WPDShServiceObj - {AAA288BA-9A4C-45B0-95D7-94D524869DB5} - c:\windows\system32\WPDShServiceObj.dll
SEH: SABShellExecuteHook Class: {5ae067d3-9afb-48e0-853a-ebb7f4a000da} - c:\program files\superantispyware\SASSEH.DLL

================= FIREFOX ===================

FF - ProfilePath - c:\docume~1\taryns~1\applic~1\mozilla\firefox\profiles\gm4t3akt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/|http://mail.google.com/mail/#inbox|http://www.yahoo.com/
FF - plugin: c:\documents and settings\taryn stys\application data\mozilla\firefox\profiles\gm4t3akt.default\extensions\moveplayer@movenetworks.com\platform\winnt_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\progra~1\gradke~1\dbsign~1\lib\npDBsignWeb.dll
FF - plugin: c:\program files\viewpoint\viewpoint experience technology\npViewpoint.dll

============= SERVICES / DRIVERS ===============

R1 SASDIFSV;SASDIFSV;c:\program files\superantispyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\superantispyware\SASKUTIL.SYS [2008-12-22 55024]
R1 SAVRT;SAVRT;c:\program files\symantec antivirus\savrt.sys [2005-8-26 334984]
R1 SAVRTPEL;SAVRTPEL;c:\program files\symantec antivirus\Savrtpel.sys [2005-8-26 53896]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007-5-13 8576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\common files\symantec shared\eengine\EraserUtilRebootDrv.sys [2008-9-6 99376]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-3-22 200192]
R3 NAVENG;NAVENG;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\naveng.sys [2009-1-9 89104]
R3 NAVEX15;NAVEX15;c:\progra~1\common~1\symant~1\virusd~1\20090109.003\navex15.sys [2009-1-9 876112]
R3 SASENUM;SASENUM;c:\program files\superantispyware\SASENUM.SYS [2008-12-22 7408]
R4 ccEvtMgr;Symantec Event Manager;c:\program files\common files\symantec shared\ccEvtMgr.exe [2005-10-4 185968]
R4 ccSetMgr;Symantec Settings Manager;c:\program files\common files\symantec shared\ccSetMgr.exe [2005-10-4 177776]
R4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\opencase\opencase media agent\MediaAgent.exe [2007-6-19 597640]
R4 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\rosettastoneltdservices\RosettaStoneLtdController.exe [2008-9-16 352312]
R4 Symantec AntiVirus;Symantec AntiVirus;c:\program files\symantec antivirus\Rtvscan.exe [2005-11-15 1756912]
S3 ccPwdSvc;Symantec Password Validation;c:\program files\common files\symantec shared\ccPwdSvc.exe [2005-10-4 83568]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-10-25 18864]
S3 DzlUsb;Dazzle DVC USB Device;c:\windows\system32\drivers\DzlUsb.sys [2007-1-1 62032]
S3 SavRoam;SAVRoam;c:\program files\symantec antivirus\SavRoam.exe [2005-11-15 169200]

=============== Created Last 30 ================

2009-01-12 20:34 <DIR> --d----- c:\program files\Trend Micro
2009-01-11 19:54 <DIR> --d----- c:\docume~1\taryns~1\applic~1\Malwarebytes
2009-01-11 19:54 15,504 a------- c:\windows\system32\drivers\mbam.sys
2009-01-11 19:54 38,496 a------- c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 19:54 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Malwarebytes
2009-01-11 19:54 <DIR> --d----- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 19:04 <DIR> --d----- C:\VundoFix Backups
2009-01-10 08:52 <DIR> --d----- c:\docume~1\alluse~1\applic~1\SUPERAntiSpyware.com
2009-01-10 08:51 <DIR> --d----- c:\program files\SUPERAntiSpyware
2009-01-10 08:51 <DIR> --d----- c:\docume~1\taryns~1\applic~1\SUPERAntiSpyware.com
2009-01-09 18:59 <DIR> --d----- c:\windows\pss
2009-01-09 18:33 410,984 a------- c:\windows\system32\deploytk.dll
2009-01-09 15:34 1,248,745 ---sh--- c:\windows\system32\mytayxvw.ini
2009-01-09 06:41 1,241,433 ---sh--- c:\windows\system32\uxryqinb.ini
2009-01-08 15:31 1,250,178 ---sh--- c:\windows\system32\ywjmcwul.ini
2009-01-07 08:59 1,320,830 ---sh--- c:\windows\system32\gmclyrci.ini
2009-01-07 07:38 1,321,922 ---sh--- c:\windows\system32\voumajdu.ini
2009-01-06 11:15 1,321,922 ---sh--- c:\windows\system32\adqlhgnc.ini
2009-01-05 11:10 1,321,922 ---sh--- c:\windows\system32\atjvphyh.ini
2009-01-05 11:10 666,643 a--sh--- c:\windows\system32\yJjRCcdd.ini2
2009-01-05 11:10 664,395 a--sh--- c:\windows\system32\yJjRCcdd.ini
2009-01-04 11:10 1,307,356 ---sh--- c:\windows\system32\vukgfshg.ini
2009-01-04 11:09 369 a--sh--- c:\windows\system32\NUtCbcdd.ini
2009-01-04 11:04 <DIR> --d----- c:\docume~1\alluse~1\applic~1\Babylon
2009-01-04 11:04 <DIR> --d----- c:\docume~1\taryns~1\applic~1\Babylon
2009-01-04 09:15 <DIR> --d----- c:\program files\Microsoft ActiveSync
2009-01-03 22:11 <DIR> --d----- C:\DVDVideoSoft
2009-01-03 11:35 237,568 a------- c:\windows\system32\rmc_rtspdl.dll
2009-01-03 11:35 156,672 a------- c:\windows\system32\rmc_fixasf.exe
2009-01-03 11:35 323,584 a------- c:\windows\system32\AUDIOGENIE2.DLL
2009-01-03 11:35 <DIR> --d----- c:\windows\Replay Media Catcher
2009-01-03 11:34 <DIR> --d----- c:\program files\Replay Media Catcher
2009-01-03 09:45 <DIR> --d----- c:\docume~1\taryns~1\applic~1\Moyea
2009-01-03 09:22 <DIR> --d----- c:\program files\common files\Download Manager
2008-12-29 15:24 76 a------- c:\windows\dellstat.ini
2008-12-29 15:24 100 a------- c:\windows\lexstat.ini
2008-12-29 15:23 <DIR> --d----- c:\program files\Lexmark 1200 Series
2008-12-29 15:22 <DIR> --d----- C:\Lexmark
2008-12-22 14:43 <DIR> --d----- c:\docume~1\taryns~1\applic~1\OpenOffice.org
2008-12-22 14:40 <DIR> --d----- c:\program files\JRE
2008-12-22 14:39 <DIR> --d----- c:\program files\OpenOffice.org 3
2008-12-22 14:37 <DIR> --d----- c:\program files\OpenOffice3.0
2008-12-22 14:37 <DIR> --d----- c:\program files\New Folder
2008-12-14 10:07 <DIR> --d----- c:\windows\system32\Adobe

==================== Find3M ====================

2008-12-12 23:40 3,593,216 a------- c:\windows\system32\dllcache\mshtml.dll
2008-10-28 15:36 823,296 a------- c:\windows\system32\divx_xx0c.dll
2008-10-28 15:36 823,296 a------- c:\windows\system32\divx_xx07.dll
2008-10-28 15:35 815,104 a------- c:\windows\system32\divx_xx0a.dll
2008-10-28 15:35 802,816 a------- c:\windows\system32\divx_xx11.dll
2008-10-28 15:35 684,032 a------- c:\windows\system32\DivX.dll
2008-10-24 04:21 455,296 -------- c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 05:36 286,720 a------- c:\windows\system32\gdi32.dll
2008-10-23 05:36 286,720 -------- c:\windows\system32\dllcache\gdi32.dll
2008-10-16 14:13 1,809,944 a------- c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 14:13 202,776 a------- c:\windows\system32\dllcache\wuweb.dll
2008-10-16 14:12 323,608 a------- c:\windows\system32\dllcache\wucltui.dll
2008-10-16 14:12 561,688 a------- c:\windows\system32\dllcache\wuapi.dll
2008-10-16 14:09 92,696 a------- c:\windows\system32\dllcache\cdm.dll
2008-10-16 14:09 51,224 a------- c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 14:08 34,328 a------- c:\windows\system32\dllcache\wups.dll
2008-10-16 14:06 268,648 a------- c:\windows\system32\mucltui.dll
2008-10-16 14:06 208,744 a------- c:\windows\system32\muweb.dll
2008-10-16 06:11 70,656 -------- c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 06:11 13,824 -------- c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 09:34 337,408 -------- c:\windows\system32\dllcache\netapi32.dll
2008-10-15 00:06 633,632 -------- c:\windows\system32\dllcache\iexplore.exe
2008-10-15 00:04 161,792 -------- c:\windows\system32\dllcache\ieakui.dll
2006-01-11 23:59 0 ac------ c:\docume~1\taryns~1\applic~1\wklnhst.dat
2008-09-07 07:31 32,768 a--sh--- c:\windows\system32\config\systemprofile\local settings\history\history.ie5\mshist012008090720080908\index.dat

============= FINISH: 20:47:31.92 ===============
__________________________________________________________________________________________________________

Malwarebytes' Anti-Malware 1.32
Database version: 1643
Windows 5.1.2600 Service Pack 3

1/12/2009 5:32:12 AM
mbam-log-2009-01-12 (05-32-05).txt

Scan type: Quick Scan
Objects scanned: 55683
Time elapsed: 4 minute(s), 58 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 1
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\MS Juan (Malware.Trace) -> No action taken.

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)



Thanks for your help!


#2 miekiemoes

    Malware Killer Dog

  • Malware Response Team
  • 19,420 posts
  • Location: Belgium

Posted 13 January 2009 - 06:04 AM

Hi,

* Please visit this webpage for instructions for downloading and running ComboFix:

http://www.bleepingcomputer.com/combofix/how-to-use-combofix

Post the log from ComboFix in your next reply.

#3 stys82

  • Topic Starter
  • Members
  • 4 posts

Posted 13 January 2009 - 08:33 PM

Here you go...

ComboFix 09-01-13.03 - Taryn Stys 2009-01-13 18:27:04.1 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.2046.1430 [GMT -7:00]
Running from: c:\documents and settings\Taryn Stys\Desktop\ComboFix.exe
AV: Symantec AntiVirus Corporate Edition *On-access scanning disabled* (Updated)
* Created a new restore point
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\windows\Downloaded Program Files\setup.inf
c:\windows\system32\adqlhgnc.ini
c:\windows\system32\atjvphyh.ini
c:\windows\system32\gmclyrci.ini
c:\windows\system32\mytayxvw.ini
c:\windows\system32\NUtCbcdd.ini
c:\windows\system32\uxryqinb.ini
c:\windows\system32\voumajdu.ini
c:\windows\system32\vukgfshg.ini
c:\windows\system32\yJjRCcdd.ini
c:\windows\system32\yJjRCcdd.ini2
c:\windows\system32\ywjmcwul.ini

.
((((((((((((((((((((((((( Files Created from 2008-12-14 to 2009-01-14 )))))))))))))))))))))))))))))))
.

2009-01-12 20:34 . 2009-01-12 20:34 <DIR> d-------- c:\program files\Trend Micro
2009-01-11 19:54 . 2009-01-11 19:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware
2009-01-11 19:54 . 2009-01-11 19:54 <DIR> d-------- c:\documents and settings\Taryn Stys\Application Data\Malwarebytes
2009-01-11 19:54 . 2009-01-11 19:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-01-11 19:54 . 2009-01-04 18:39 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys
2009-01-11 19:54 . 2009-01-04 18:38 15,504 --a------ c:\windows\system32\drivers\mbam.sys
2009-01-11 19:04 . 2009-01-11 19:04 <DIR> d-------- C:\VundoFix Backups
2009-01-10 08:52 . 2009-01-10 08:52 <DIR> d-------- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-01-10 08:51 . 2009-01-10 08:51 <DIR> d-------- c:\program files\SUPERAntiSpyware
2009-01-10 08:51 . 2009-01-10 08:51 <DIR> d-------- c:\documents and settings\Taryn Stys\Application Data\SUPERAntiSpyware.com
2009-01-09 18:33 . 2009-01-09 18:32 410,984 --a------ c:\windows\system32\deploytk.dll
2009-01-04 11:04 . 2009-01-04 11:04 <DIR> d-------- c:\documents and settings\Taryn Stys\Application Data\Babylon
2009-01-04 11:04 . 2009-01-04 11:04 <DIR> d-------- c:\documents and settings\All Users\Application Data\Babylon
2009-01-04 09:15 . 2009-01-04 09:15 <DIR> d-------- c:\program files\Microsoft ActiveSync
2009-01-03 22:11 . 2009-01-03 22:11 <DIR> d-------- C:\DVDVideoSoft
2009-01-03 11:35 . 2009-01-03 11:35 <DIR> d-------- c:\windows\Replay Media Catcher
2009-01-03 11:35 . 2009-01-08 15:42 323,584 --a------ c:\windows\system32\AUDIOGENIE2.DLL
2009-01-03 11:35 . 2009-01-08 15:42 237,568 --a------ c:\windows\system32\rmc_rtspdl.dll
2009-01-03 11:35 . 2009-01-08 15:42 156,672 --a------ c:\windows\system32\rmc_fixasf.exe
2009-01-03 11:34 . 2009-01-08 15:48 <DIR> d-------- c:\program files\Replay Media Catcher
2009-01-03 09:45 . 2009-01-03 09:45 <DIR> d-------- c:\documents and settings\Taryn Stys\Application Data\Moyea
2009-01-03 09:22 . 2009-01-03 09:22 <DIR> d-------- c:\program files\Common Files\Download Manager
2009-01-02 09:25 . 2009-01-02 09:25 <DIR> d-------- c:\program files\Common Files\Adobe AIR
2009-01-02 09:16 . 2009-01-03 10:14 <DIR> d-------- c:\program files\NOS
2009-01-02 09:16 . 2009-01-03 10:14 <DIR> d-------- c:\documents and settings\All Users\Application Data\NOS
2008-12-29 15:24 . 2008-12-29 15:24 100 --a------ c:\windows\lexstat.ini
2008-12-29 15:24 . 2008-12-29 15:24 76 --a------ c:\windows\dellstat.ini
2008-12-29 15:23 . 2008-12-29 17:12 <DIR> d-------- c:\program files\Lexmark 1200 Series
2008-12-29 15:22 . 2008-12-29 15:22 <DIR> d-------- C:\Lexmark
2008-12-22 14:43 . 2008-12-22 14:43 <DIR> d-------- c:\documents and settings\Taryn Stys\Application Data\OpenOffice.org
2008-12-22 14:40 . 2008-12-22 14:40 <DIR> d-------- c:\program files\JRE
2008-12-22 14:39 . 2008-12-22 14:40 <DIR> d-------- c:\program files\OpenOffice.org 3
2008-12-22 14:37 . 2008-12-22 14:37 <DIR> d-------- c:\program files\OpenOffice3.0
2008-12-22 14:37 . 2008-12-22 14:37 <DIR> d-------- c:\program files\New Folder
2008-12-14 10:07 . 2008-12-14 10:08 <DIR> d-------- c:\windows\system32\Adobe

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-01-14 01:19 --------- d-----w c:\program files\Symantec AntiVirus
2009-01-14 01:18 --------- d-----w c:\program files\Mozilla Firefox 3 Beta 2
2009-01-13 03:11 --------- d-----w c:\program files\Common Files\Wise Installation Wizard
2009-01-13 02:57 --------- d-----w c:\documents and settings\Taryn Stys\Application Data\StumbleUpon
2009-01-10 14:50 --------- d-----w c:\program files\Microsoft Works
2009-01-10 14:44 --------- d-----w c:\program files\Google
2009-01-10 01:32 --------- d-----w c:\program files\Java
2009-01-02 16:24 --------- d-----w c:\program files\Common Files\Adobe
2008-12-13 06:40 3,593,216 ----a-w c:\windows\system32\dllcache\mshtml.dll
2008-11-29 16:43 --------- d-----w c:\documents and settings\Taryn Stys\Application Data\Amazon
2008-11-29 16:40 --------- d-----w c:\program files\Amazon
2008-11-25 01:46 --------- d-----w c:\program files\COWON
2008-11-25 01:46 --------- d-----w c:\program files\Common Files\COWON
2008-11-25 01:45 --------- d--h--w c:\program files\InstallShield Installation Information
2008-11-23 22:52 --------- d-----w c:\program files\iTunes
2008-11-23 22:52 --------- d-----w c:\program files\iPod
2008-11-23 22:52 --------- d-----w c:\program files\Common Files\Apple
2008-11-23 22:52 --------- d-----w c:\documents and settings\All Users\Application Data\{3276BE95_AF08_429F_A64F_CA64CB79BCF6}
2008-11-23 22:50 --------- d-----w c:\program files\QuickTime
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx0c.dll
2008-10-28 22:36 823,296 ----a-w c:\windows\system32\divx_xx07.dll
2008-10-28 22:35 815,104 ----a-w c:\windows\system32\divx_xx0a.dll
2008-10-28 22:35 802,816 ----a-w c:\windows\system32\divx_xx11.dll
2008-10-28 22:35 684,032 ----a-w c:\windows\system32\DivX.dll
2008-10-24 11:21 455,296 ------w c:\windows\system32\dllcache\mrxsmb.sys
2008-10-23 12:36 286,720 ----a-w c:\windows\system32\gdi32.dll
2008-10-23 12:36 286,720 ------w c:\windows\system32\dllcache\gdi32.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\wuweb.dll
2008-10-16 21:13 202,776 ----a-w c:\windows\system32\dllcache\wuweb.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\wuaueng.dll
2008-10-16 21:13 1,809,944 ----a-w c:\windows\system32\dllcache\wuaueng.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\wuapi.dll
2008-10-16 21:12 561,688 ----a-w c:\windows\system32\dllcache\wuapi.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\wucltui.dll
2008-10-16 21:12 323,608 ----a-w c:\windows\system32\dllcache\wucltui.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\dllcache\cdm.dll
2008-10-16 21:09 92,696 ----a-w c:\windows\system32\cdm.dll
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\wuauclt.exe
2008-10-16 21:09 51,224 ----a-w c:\windows\system32\dllcache\wuauclt.exe
2008-10-16 21:09 43,544 ----a-w c:\windows\system32\wups2.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\wups.dll
2008-10-16 21:08 34,328 ----a-w c:\windows\system32\dllcache\wups.dll
2008-10-16 21:06 268,648 ----a-w c:\windows\system32\mucltui.dll
2008-10-16 21:06 208,744 ----a-w c:\windows\system32\muweb.dll
2008-10-16 13:11 70,656 ------w c:\windows\system32\dllcache\ie4uinit.exe
2008-10-16 13:11 13,824 ------w c:\windows\system32\dllcache\ieudinit.exe
2008-10-15 16:34 337,408 ------w c:\windows\system32\dllcache\netapi32.dll
2008-10-15 07:06 633,632 ------w c:\windows\system32\dllcache\iexplore.exe
2008-10-15 07:04 161,792 ------w c:\windows\system32\dllcache\ieakui.dll
2006-01-12 06:59 0 -c--a-w c:\documents and settings\Taryn Stys\Application Data\wklnhst.dat
2007-12-01 04:04 67,696 ----a-w c:\program files\mozilla firefox\components\jar50.dll
2007-12-01 04:04 54,376 ----a-w c:\program files\mozilla firefox\components\jsd3250.dll
2007-12-01 04:04 34,952 ----a-w c:\program files\mozilla firefox\components\myspell.dll
2007-12-01 04:04 46,720 ----a-w c:\program files\mozilla firefox\components\spellchk.dll
2007-12-01 04:04 172,144 ----a-w c:\program files\mozilla firefox\components\xpinstal.dll
2008-09-07 14:31 32,768 --sha-w c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\MSHist012008090720080908\index.dat
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"MSMSGS"="c:\program files\Messenger\msmsgs.exe" [2008-04-13 1695232]
"ctfmon.exe"="c:\windows\system32\ctfmon.exe" [2008-04-13 15360]
"BgMonitor_{79662E04-7C6C-4d9f-84C7-88D8A56B10AA}"="c:\program files\Common Files\Ahead\Lib\NMBgMonitor.exe" [2006-10-09 139264]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-05-23 68856]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\Wcescomm.exe" [2006-11-13 1289000]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2008-12-22 1830128]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ATIPTA"="c:\program files\ATI Technologies\ATI Control Panel\atiptaxx.exe" [2005-03-22 339968]
"SynTPLpr"="c:\program files\Synaptics\SynTP\SynTPLpr.exe" [2005-07-28 82009]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2005-08-01 729177]
"eabconfg.cpl"="c:\program files\HPQ\Quick Launch Buttons\EabServr.exe" [2004-12-03 290816]
"LSBWatcher"="c:\hp\drivers\hplsbwatcher\lsburnwatcher.exe" [2004-10-14 253952]
"Cpqset"="c:\program files\HPQ\Default Settings\cpqset.exe" [2005-02-17 233534]
"HPDJ Taskbar Utility"="c:\windows\system32\spool\drivers\w32x86\3\hpztsb04.exe" [2001-10-25 196608]
"HPHmon03"="c:\windows\system32\hphmon03.exe" [2001-10-25 311296]
"ccApp"="c:\program files\Common Files\Symantec Shared\ccApp.exe" [2005-10-04 48752]
"vptray"="c:\progra~1\SYMANT~1\VPTray.exe" [2005-11-15 85744]
"masqform.exe"="c:\program files\IMT_Viewer\masqform.exe" [2005-07-04 643072]
"NeroFilterCheck"="c:\program files\Common Files\Ahead\Lib\NeroCheck.exe" [2006-01-12 155648]
"SunJavaUpdateSched"="c:\program files\Java\jre6\bin\jusched.exe" [2009-01-09 136600]
"StrgSync.exe"="c:\program files\StorageSync\StrgSync.exe" [2005-10-07 3032576]
"HP Software Update"="c:\program files\Hp\HP Software Update\HPWuSchd2.exe" [2007-05-08 54840]
"TkBellExe"="c:\program files\Common Files\Real\Update_OB\realsched.exe" [2008-07-06 185896]
"AppleSyncNotifier"="c:\program files\Common Files\Apple\Mobile Device Support\bin\AppleSyncNotifier.exe" [2008-09-03 111936]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2008-11-04 413696]
"iTunesHelper"="c:\program files\iTunes\iTunesHelper.exe" [2008-11-20 290088]
"Lexmark 1200 Series"="c:\program files\Lexmark 1200 Series\lxczbmgr.exe" [2006-04-18 57344]
"Adobe Reader Speed Launcher"="c:\program files\Adobe\Reader 9.0\Reader\Reader_sl.exe" [2008-06-12 34672]

c:\documents and settings\Taryn Stys\Start Menu\Programs\Startup\
OpenOffice.org 3.0.lnk - c:\program files\OpenOffice.org 3\program\quickstart.exe [2008-09-12 384000]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"SecurityTab"= 1 (0x1)

[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vyllvb.dll

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Common Files\\AOL\\Loader\\aolload.exe"=
"c:\\Program Files\\Real\\RealPlayer\\realplay.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Bonjour\\mDNSResponder.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdController.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServer.exe"=
"c:\\Program Files\\RosettaStoneLtdServices\\RosettaStoneLtdServices.exe"=
"c:\\Program Files\\iTunes\\iTunes.exe"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2008-12-22 8944]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2008-12-22 55024]
R1 vcdrom;Virtual CD-ROM Device Driver;c:\windows\system32\drivers\VCdRom.sys [2007-05-13 8576]
R3 EraserUtilRebootDrv;EraserUtilRebootDrv;c:\program files\Common Files\Symantec Shared\EENGINE\EraserUtilRebootDrv.sys [2008-09-06 99376]
R3 HSFHWATI;HSFHWATI;c:\windows\system32\drivers\HSFHWATI.sys [2005-03-22 200192]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2008-12-22 7408]
R4 RosettaStoneLtdController;RosettaStoneLtdController;c:\program files\RosettaStoneLtdServices\RosettaStoneLtdController.exe [2008-09-16 352312]
S3 Dot4Usb HPH09;Dot4Usb HPH09;c:\windows\system32\drivers\hphius09.sys [2001-10-25 18864]
S3 DzlUsb;Dazzle DVC USB Device;c:\windows\system32\drivers\DzlUsb.sys [2007-01-01 62032]
S3 SavRoam;SAVRoam;c:\program files\Symantec AntiVirus\SavRoam.exe [2005-11-15 169200]
S4 OpenCASE Media Agent;OpenCASE Media Agent;c:\program files\OpenCase\OpenCASE Media Agent\MediaAgent.exe [2007-06-19 597640]

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3067d898-e2fa-11db-9df6-0014a5636d8f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
.
Contents of the 'Scheduled Tasks' folder

2009-01-08 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 11:34]
.
- - - - ORPHANS REMOVED - - - -

WebBrowser-{604BC32A-9680-40D1-9AC6-E06B23A1BA4C} - (no file)
HKCU-Run-FLV Downloader - c:\program files\Moyea\YouTube FLV Downloader\FLVDownloader.exe
HKLM-Run-Adobe Photo Downloader - c:\program files\Adobe\Photoshop Album Starter Edition\3.2\Apps\apdproxy.exe


.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uInternet Connection Wizard,ShellNext = hxxp://ie.redirect.hp.com/svs/rdr?TYPE=3&tp=iehome&locale=EN_US&c=Q305&bd=presario&pf=laptop
uInternet Settings,ProxyOverride = *.local
uSearchURL,(Default) = hxxp://www.google.com/keyword/%s
IE: &AOL Toolbar search - c:\program files\AOL Toolbar\toolbar.dll/SEARCH.HTML
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~4\OFFICE11\EXCEL.EXE/3000
IE: StumbleUpon: &Blog This - StumbleUponIEBar.dll/blogimage
Trusted Zone: mail.langley.af.mil
Trusted Zone: *.stumbleupon.com
TCP: {413227F0-2EA2-4DF4-88F4-621B73F678D2} = 208.67.222.222,208.67.220.222

c:\windows\Downloaded Program Files\StreamPlug.dll - O16 -: {2019DC25-D1C0-11D6-97B3-0008A124F542}
hxxp://www.streamplug.com/StreamPlug/beta/SP.cab

c:\windows\Downloaded Program Files\SystemCheck.dll - O16 -: {A906CBEA-6FAF-43B8-AE2F-857C5A21884C}
hxxp://mediadownloads.walmart.com/mmce/resources/walmartcheck2.cab

c:\windows\Downloaded Program Files\Copysafe.EXE - O16 -: {BE1BDC4F-2AAC-494E-88B1-86B2EE4F2D6D}
hxxp://download.copysafe.net/Plugin/Download/Copysafe.cab
c:\windows\Downloaded Program Files\SETUP.INF
FF - ProfilePath - c:\documents and settings\Taryn Stys\Application Data\Mozilla\Firefox\Profiles\gm4t3akt.default\
FF - prefs.js: browser.search.defaulturl - hxxp://www.google.com/search?lr=&ie=UTF-8&oe=UTF-8&q=
FF - prefs.js: browser.startup.homepage - hxxp://www.cnn.com/|http://mail.google.com/mail/#inbox|http://www.yahoo.com/
FF - plugin: c:\documents and settings\Taryn Stys\Application Data\Mozilla\Firefox\Profiles\gm4t3akt.default\extensions\moveplayer@movenetworks.com\platform\WINNT_x86-msvc\plugins\npmnqmp07076007.dll
FF - plugin: c:\progra~1\GRADKE~1\DBSIGN~1\lib\npDBsignWeb.dll
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
.

**************************************************************************

catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-01-13 18:28:30
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

HKLM\Software\Microsoft\Windows\CurrentVersion\Run
Cpqset = c:\program files\HPQ\Default Settings\cpqset.exe????????5?9?5?7??????? ???B?????????????hLC? ??????

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\Ati2evxx.dll
.
Completion time: 2009-01-13 18:30:22
ComboFix-quarantined-files.txt 2009-01-14 01:29:40

Pre-Run: 13,494,947,840 bytes free
Post-Run: 13,783,556,096 bytes free

WindowsXP-KB310994-SP2-Home-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(1)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(1)\WINDOWS="Microsoft Windows XP Home Edition" /noexecute=optin /fastdetect

260 --- E O F --- 2008-12-18 10:01:14


Thanks
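As an added example that is not part of this thread, the checker below parses the registry section of a ComboFix log in the format shown above and flags the four entries a responder would question in it: the `AppInit_DLLs` value the helper later clears, Security Center monitoring disabled, the Standard Profile firewall off, and the USB AutoRun command. The excerpt it runs on is constructed from the log's own lines; the value forms it decodes (`dword:00000001`, `0 (0x0)`) are the ones ComboFix prints.

```python
import re
# Constructed excerpt in ComboFix's registry-dump format; the values are the four from the
# thread's log (AppInit_DLLs, disabled AV monitoring, disabled firewall, USB AutoRun command).
SAMPLE_LOG = r"""
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=vyllvb.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\SymantecAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{3067d898-e2fa-11db-9df6-0014a5636d8f}]
\Shell\AutoRun\command - E:\LaunchU3.exe -a
"""
KEY_RE = re.compile(r"^\[(.+)\]$")
VALUE_RE = re.compile(r'^"([^"]+)"\s*=\s*(.*)$')
AUTORUN_RE = re.compile(r"^\\shell\\autorun\\command\s+-\s+(.*)$", re.IGNORECASE)

def parse_registry_dump(text):
    """Map lower-cased key path -> {lower-cased value name: raw value} from ComboFix lines."""
    result, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        if m := KEY_RE.match(line):
            current = m.group(1).lower()
            result.setdefault(current, {})
        elif current is not None and (m := VALUE_RE.match(line)):
            result[current][m.group(1).lower()] = m.group(2).strip()
        elif current is not None and (m := AUTORUN_RE.match(line)):
            result[current]["autorun_command"] = m.group(1).strip()
    return result

def as_int(raw):
    """Decode both numeric forms ComboFix prints: 'dword:00000001' and '0 (0x0)'."""
    m = re.match(r"^(?:dword:([0-9a-f]{8})|(\d+))", raw, re.IGNORECASE)
    if not m:
        return None
    return int(m.group(1), 16) if m.group(1) else int(m.group(2))

def review(parsed):
    """Flag the settings in this log a responder would question; an empty list means clean."""
    findings = []
    for key, values in parsed.items():
        # A DLL listed in AppInit_DLLs is loaded into every process that loads user32.dll.
        dlls = values.get("appinit_dlls", "").strip('"') if key.endswith(r"\currentversion\windows") else ""
        if dlls:
            findings.append(("appinit_dlls", dlls))
        if "\\security center\\monitoring\\" in key and as_int(values.get("disablemonitoring", "")) == 1:
            findings.append(("security_center_monitoring_disabled", key.rsplit("\\", 1)[-1]))
        if key.endswith(r"\firewallpolicy\standardprofile") and as_int(values.get("enablefirewall", "")) == 0:
            findings.append(("firewall_disabled", "standardprofile"))
        if "\\mountpoints2\\" in key and "autorun_command" in values:
            findings.append(("autorun_command", values["autorun_command"]))
    return findings
```

Running `review(parse_registry_dump(SAMPLE_LOG))` returns all four findings; the same check on a dump where `"AppInit_DLLs"=""` (the state the helper's fix.reg produces) returns an empty list.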

#4 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:35 AM

Posted 14 January 2009 - 03:40 AM

Hi,

This looks OK again. Just one leftover we have to deal with...

Open Notepad and copy and paste the text present in the quotebox below into it:
(don't forget to copy and paste REGEDIT4)

REGEDIT4

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=""

Save this as fix.reg (choose to save as *all files) and place it on your desktop.
Double-click on it and, when it asks you if you want to merge the contents into the registry, click Yes/OK.
AntispywareScanners---Antivirus Scanners---Firewalls---Online Scanners---Prevention---Help! My computer is slow---My Blog---Follow me on Twitter.
My help is ALWAYS FREE, but if you want to donate to help me continue my fight against malware -- click here!
Asking for help via Private Message or Mail will be ignored - So If you need help, post your problem in the forum.

#5 stys82

stys82
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:35 PM

Posted 14 January 2009 - 06:41 AM

Done...

Is that everything?

#6 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:35 AM

Posted 14 January 2009 - 06:47 AM

Yes, your problem should be resolved now.

* Go to Start > Run and copy and paste the next command into the field:

ComboFix /u

Make sure there's a space between ComboFix and /.
Then hit Enter.

This will uninstall ComboFix, delete its related folders and files, reset your clock settings, hide file extensions, hide the system/hidden files, and reset System Restore again.

Let me know in your next reply how things are now.

#7 stys82

stys82
  • Topic Starter

  • Members
  • 4 posts
  • Local time:06:35 PM

Posted 14 January 2009 - 06:00 PM

I have uninstalled ComboFix, my computer looks clean, and is working great. Thank you so much for your help I really appreciate it!

#8 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:35 AM

Posted 15 January 2009 - 03:32 AM

Glad I could help. :thumbsup:

Please read my Prevention page, with lots of info and tips on how to prevent this in the future.
And if you want to improve speed/system performance after malware removal, take a look here.
Extra note: make sure your programs are up to date, because older versions may contain security leaks. To find out what programs need to be updated, please run the Secunia Software Inspector Scan.

Happy Surfing again!

#9 miekiemoes

miekiemoes

    Malware Killer Dog


  • Malware Response Team
  • 19,420 posts
  • Gender:Female
  • Location:Belgium
  • Local time:03:35 AM

Posted 16 January 2009 - 05:47 AM

Since this issue appears resolved, this topic is closed.
If you need this topic reopened for continuation of existing problems, please request this by sending me a PM with the address of the thread. This applies only to the original topic starter.

Everyone else please begin a New Topic.
