
ComboFix log used for two Trojans


  • This topic is locked
2 replies to this topic

#1 lissa755


Posted 08 August 2009 - 02:46 AM

I have the Kaspersky Anti-Virus software installed on my HP Mini that runs Windows XP. My anti-virus software had detected two trojans that were:

- Trojan.Win32.Monder.cpxu
- Trojan.Win32.Small.bzc

I had help with the ComboFix program, and I was told to post the ComboFix log here and have someone review it. I'm hoping they're gone. I just want to say thank you so much, and I'm very grateful for those who have helped me out!! =)

Thanks for your time,
-Lissa-

Here is the ComboFix log:

ComboFix 09-08-07.09 - Melissa 08/08/2009 2:02.2.2 - NTFSx86
Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.1015.590 [GMT -5:00]
Running from: c:\documents and settings\Melissa\My Documents\Downloads\ComboFix.exe
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Updated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\recycler\S-1-5-21-3108113604-0041986402-909417820-4321
c:\windows\system32\drivers\SKYNETfcbuhxrs.sys
c:\windows\system32\skinboxer43.dll
c:\windows\system32\SKYNETdqwmiqri.dll
c:\windows\system32\SKYNETlog.dat
c:\windows\system32\SKYNETqheepapp.dat
c:\windows\system32\SKYNETvdwwowfo.dat
c:\windows\system32\SKYNETxpkrtepo.dll

.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Service_SKYNETrgbvpfpc
-------\Legacy_SKYNETrgbvpfpc


((((((((((((((((((((((((( Files Created from 2009-07-08 to 2009-08-08 )))))))))))))))))))))))))))))))
.

2009-08-08 05:29 . 2009-08-08 05:29 -------- d--h--w- c:\windows\PIF
2009-08-06 07:01 . 2009-08-06 07:01 -------- d-----w- c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com
2009-08-06 07:00 . 2009-08-08 04:53 -------- d-----w- c:\program files\SUPERAntiSpyware
2009-08-06 05:06 . 2009-08-06 05:06 -------- d-----w- c:\documents and settings\Administrator.PC121319685224\Application Data\Malwarebytes
2009-08-06 04:02 . 2009-08-06 04:33 -------- dc----w- c:\windows\system32\DRVSTORE
2009-08-06 03:59 . 2009-08-06 04:33 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-08-05 15:09 . 2009-08-05 15:09 -------- d-----w- c:\documents and settings\Melissa\Application Data\Malwarebytes
2009-08-05 15:09 . 2009-08-05 15:09 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-08-05 06:56 . 2009-08-05 06:56 -------- d-sh--w- c:\documents and settings\Administrator.PC121319685224\IECompatCache
2009-08-05 06:25 . 2009-08-05 06:25 -------- d-sh--w- c:\documents and settings\Administrator.PC121319685224\PrivacIE
2009-07-26 08:11 . 2009-07-26 08:11 -------- d-sh--w- c:\documents and settings\Administrator.PC121319685224\IETldCache
2009-07-26 08:09 . 2009-08-05 06:56 -------- d-----w- c:\documents and settings\Administrator.PC121319685224
2009-07-25 16:58 . 2009-07-26 07:30 -------- d-----w- c:\program files\ACW
2009-07-17 15:07 . 2009-08-04 06:33 -------- d-----w- c:\documents and settings\Melissa\Local Settings\Application Data\Temp
2009-07-12 18:47 . 2009-07-12 18:47 -------- d-----w- c:\documents and settings\Melissa\Local Settings\Application Data\AOL
2009-07-12 18:40 . 2009-07-12 18:40 -------- d-----w- c:\program files\Common Files\Software Update Utility
2009-07-12 18:33 . 2009-07-12 18:59 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL OCP
2009-07-12 18:32 . 2009-07-20 15:03 -------- d-----w- c:\program files\Common Files\AOL

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-08-08 07:02 . 2009-06-17 18:16 221216 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-08-08 06:59 . 2009-06-17 18:16 1808 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-08-08 06:56 . 2009-06-17 18:16 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab
2009-08-08 06:11 . 2009-06-17 18:16 11804 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-08-08 06:11 . 2009-06-17 18:16 1372704 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-08-08 04:54 . 2009-04-10 22:05 -------- d-----w- c:\program files\Spybot - Search & Destroy
2009-08-08 04:54 . 2009-04-10 22:05 -------- d-----w- c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy
2009-08-01 08:19 . 2008-12-19 07:58 -------- d-----w- c:\program files\Common Files\Adobe
2009-07-31 07:53 . 2009-07-04 04:39 -------- d-----w- c:\program files\Microsoft Silverlight
2009-07-21 20:21 . 2009-06-19 22:51 208616 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\avp.exe
2009-07-12 18:47 . 2008-12-19 07:59 -------- d-----w- c:\documents and settings\All Users\Application Data\Viewpoint
2009-07-12 18:34 . 2008-12-19 07:59 -------- d-----w- c:\program files\Viewpoint
2009-07-12 18:33 . 2009-03-19 15:29 -------- d-----w- c:\documents and settings\All Users\Application Data\AOL
2009-07-06 04:20 . 2009-07-06 04:20 -------- d-----w- c:\documents and settings\Melissa\Application Data\Template
2009-07-06 04:20 . 2009-07-06 04:20 0 ----a-w- c:\documents and settings\Melissa\Application Data\wklnhst.dat
2009-07-03 17:09 . 2007-08-14 09:54 915456 ----a-w- c:\windows\system32\wininet.dll
2009-06-28 08:52 . 2009-06-28 08:50 -------- d-----w- c:\program files\QuickTime
2009-06-28 08:49 . 2009-06-28 08:49 -------- d-----w- c:\documents and settings\All Users\Application Data\Apple Computer
2009-06-28 08:24 . 2008-12-19 07:57 -------- d-----w- c:\program files\Java
2009-06-26 19:13 . 2009-06-26 10:56 -------- d-----w- c:\documents and settings\All Users\Application Data\NOS
2009-06-26 19:13 . 2009-06-26 10:56 -------- d-----w- c:\program files\NOS
2009-06-26 10:57 . 2009-06-26 10:57 86016 ----a-w- c:\documents and settings\All Users\Application Data\NOS\Adobe_Downloads\arh.exe
2009-06-20 00:51 . 2009-06-20 00:51 -------- d-----w- c:\documents and settings\All Users\Application Data\NCH Software
2009-06-19 23:57 . 2008-12-19 08:02 -------- d-----w- c:\program files\Microsoft Works
2009-06-19 23:04 . 2009-06-19 23:04 10134 ----a-r- c:\documents and settings\Melissa\Application Data\Microsoft\Installer\{CAE7D1D9-3794-4169-B4DD-964ADBC534EE}\ARPPRODUCTICON.exe
2009-06-19 22:52 . 2008-01-29 22:29 33808 ----a-w- c:\windows\system32\drivers\klbg.sys
2009-06-19 22:52 . 2009-06-17 18:20 94643 ----a-w- c:\windows\system32\drivers\klick.dat
2009-06-19 22:52 . 2009-06-17 18:20 105395 ----a-w- c:\windows\system32\drivers\klin.dat
2009-06-19 22:51 . 2009-06-19 22:51 33808 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\klbg.sys
2009-06-19 22:51 . 2009-06-19 22:51 226832 ----a-w- c:\documents and settings\All Users\Application Data\Kaspersky Lab\AVP8\Data\Updater\Temporary Files\temporaryFolder\AutoPatches\kav8exec\8.0.0.506\XP\klif.sys
2009-06-19 20:50 . 2009-03-19 20:17 48352 ----a-w- c:\documents and settings\Melissa\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-06-17 18:16 . 2009-06-17 18:16 -------- d-----w- c:\program files\Kaspersky Lab
2009-06-17 18:11 . 2009-06-17 18:11 -------- d-----w- c:\documents and settings\All Users\Application Data\Kaspersky Lab Setup Files
2009-06-16 20:29 . 2009-03-21 21:32 -------- d-----w- c:\program files\Google
2009-06-16 18:14 . 2009-06-16 18:14 -------- d-----w- c:\program files\Geek Squad
2009-06-16 17:00 . 2009-06-16 17:00 -------- d-----w- c:\program files\MSBuild
2009-06-16 16:59 . 2009-06-16 16:59 -------- d-----w- c:\program files\Reference Assemblies
2009-06-16 14:36 . 2008-04-15 04:00 81920 ----a-w- c:\windows\system32\fontsub.dll
2009-06-16 14:36 . 2008-04-15 04:00 119808 ----a-w- c:\windows\system32\t2embed.dll
2009-06-16 09:33 . 2009-06-16 09:15 -------- d---a-w- c:\documents and settings\All Users\Application Data\TEMP
2009-06-16 05:25 . 2008-04-15 04:00 578560 ----a-w- c:\windows\system32\user32.dll
2009-06-13 05:49 . 2009-06-13 05:49 2713 --sh--w- c:\windows\system32\pepilose.exe
2009-06-12 23:49 . 2009-06-12 23:49 -------- d-----w- c:\documents and settings\Melissa\Application Data\Webroot
2009-06-12 01:53 . 2008-04-15 04:00 182656 ----a-w- c:\windows\system32\drivers\ndis.sys
2009-06-12 00:06 . 2009-03-19 16:07 -------- d-----w- c:\documents and settings\All Users\Application Data\Geek Squad
2009-06-03 19:09 . 2008-04-15 04:00 1291264 ----a-w- c:\windows\system32\quartz.dll
.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2009-05-26 413696]
"AVP"="c:\program files\Kaspersky Lab\Kaspersky Anti-Virus 2009\avp.exe" [2009-07-21 208616]
"AESTFltr"="c:\windows\system32\AESTFltr.exe" [2008-08-28 471040]
"HP Mobile Broadband"="c:\swsetup\HPQWWAN\HPMobileBroadband.exe" [2008-07-08 439600]
"SysTrayApp"="c:\program files\IDT\WDM\sttray.exe" [2008-09-11 446556]
"SynTPEnh"="c:\program files\Synaptics\SynTP\SynTPEnh.exe" [2008-07-31 1343488]
"Persistence"="c:\windows\system32\igfxpers.exe" [2008-02-15 131072]
"HotKeysCmds"="c:\windows\system32\hkcmd.exe" [2008-02-15 159744]
"IgfxTray"="c:\windows\system32\igfxtray.exe" [2008-02-15 135168]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2008-7-30 604776]

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\Synaptics\\SynTP\\SynTPEnh.exe"=
"c:\\Program Files\\Yahoo!\\Messenger\\Ymsgr_tray.exe"=
"c:\\WINDOWS\\system32\\sessmgr.exe"=

R0 klbg;Kaspersky Lab Boot Guard Driver;c:\windows\system32\drivers\klbg.sys [1/29/2008 5:29 PM 33808]
R2 Viewpoint Manager Service;Viewpoint Manager Service;c:\program files\Viewpoint\Common\ViewpointService.exe [7/12/2009 1:34 PM 24652]
R3 AESTAud;AE Audio Service;c:\windows\system32\drivers\AESTAud.sys [12/19/2008 2:48 AM 112128]
R3 klim5;Kaspersky Anti-Virus NDIS Filter;c:\windows\system32\drivers\klim5.sys [4/30/2008 5:06 PM 24592]
S1 c7ac2e66;c7ac2e66;c:\windows\system32\drivers\c7ac2e66.sys [4/28/2009 4:20 PM 0]
S3 UCORESYS;UCORESYS;c:\swsetup\SP42302\UCORESYS.SYS [7/24/2008 3:16 PM 15432]

[HKEY_LOCAL_MACHINE\software\microsoft\active setup\installed components\>{60B49E34-C7CC-11D0-8953-00A0C90347FF}]
"c:\windows\system32\rundll32.exe" "c:\windows\system32\iedkcs32.dll",BrandIEActiveSetup SIGNUP
.
Contents of the 'Scheduled Tasks' folder

2009-07-15 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2008-07-30 17:34]

2009-08-08 c:\windows\Tasks\User_Feed_Synchronization-{B1F49AD2-9F9C-4279-A3B5-B260CFC4E382}.job
- c:\windows\system32\msfeedssync.exe [2007-08-14 09:31]
.
- - - - ORPHANS REMOVED - - - -

Toolbar-Locked - (no file)


.
------- Supplementary Scan -------
.
uStart Page = about:blank
mStart Page = about:blank
uInternet Settings,ProxyServer = http=localhost:7171
uSearchURL,(Default) = hxxp://us.rd.yahoo.com/customize/ie/defaults/su/msgr9/*http://www.yahoo.com
DPF: {C228AEDD-FC47-11D3-AF87-D128A9381404} - hxxp://www.link-systems.com/~sdk/SDK/paste/lsiw2k.cab
FF - ProfilePath - c:\documents and settings\Melissa\Application Data\Mozilla\Firefox\Profiles\uoh4jpxj.default\
FF - plugin: c:\program files\Viewpoint\Viewpoint Experience Technology\npViewpoint.dll
FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

---- FIREFOX POLICIES ----
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.enforce_same_site_origin", false);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.cache_size", 51200);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.ogg.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.wave.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("media.autoplay.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("browser.urlbar.autocomplete.enabled", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("capability.policy.mailnews.*.wholeText", "noAccess");
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.storage.default_quota", 5120);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("content.sink.event_probe_rate", 3);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.http.prompt-temp-redirect", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.dpi", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("layout.css.devPixelsPerPx", -1);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("gestures.enable_single_finger_input", true);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("dom.max_chrome_script_run_time", 0);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("network.tcp.sendbuffer", 131072);
c:\program files\Mozilla Firefox\greprefs\all.js - pref("geo.enabled", true);
c:\program files\Mozilla Firefox\greprefs\security-prefs.js - pref("security.remember_cert_checkbox_default_setting", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox-branding.js - pref("browser.search.param.yahoo-fr-cjkt", "moz35");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("extensions.blocklist.level", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.restrict.typed", "~");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.urlbar.default.behavior", 0);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.clearOnShutdown.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.history", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.formdata", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.passwords", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.downloads", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cookies", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.cache", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.sessions", true);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.offlineApps", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.cpd.siteSettings", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("privacy.sanitize.migrateFx3Prefs", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.ssl_override_behavior", 2);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("security.alternate_certificate_error_page", "certerror");
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.autostart", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("browser.privatebrowsing.dont_prompt_on_enter", false);
c:\program files\Mozilla Firefox\defaults\pref\firefox.js - pref("geo.wifi.uri", "https://www.google.com/loc/json");
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-08-08 02:10
Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- LOCKED REGISTRY KEYS ---------------------

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}]
@Denied: (A 2) (Everyone)
@="FlashBroker"
"LocalizedString"="@c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe,-101"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\Elevation]
"Enabled"=dword:00000001

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\LocalServer32]
@="c:\\WINDOWS\\system32\\Macromed\\Flash\\FlashUtil10c.exe"

[HKEY_LOCAL_MACHINE\software\Classes\CLSID\{19114156-8E9A-4D4E-9EE9-17A0E48D3BBB}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}]
@Denied: (A 2) (Everyone)
@="IFlashBroker3"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\ProxyStubClsid32]
@="{00020424-0000-0000-C000-000000000046}"

[HKEY_LOCAL_MACHINE\software\Classes\Interface\{1D4C8A81-B7AC-460A-8C23-98713C41D6B3}\TypeLib]
@="{FAB3E735-69C7-453B-A446-B6823C6DF1C9}"
"Version"="1.0"
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'explorer.exe'(856)
c:\windows\system32\WININET.dll
c:\windows\system32\ieframe.dll
c:\windows\system32\webcheck.dll
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-08-08 2:16
ComboFix-quarantined-files.txt 2009-08-08 07:16

Pre-Run: 7,418,388,480 bytes free
Post-Run: 7,378,612,224 bytes free

241 --- E O F --- 2009-07-31 07:51



#2 Baabiouz


    Finnish Malware Fighter



Posted 18 August 2009 - 10:53 AM

Hello

Apologies for the delay in response; we get overwhelmed at times, but we are trying our best to keep up.
If you have since resolved the original problem you were having, we would appreciate you letting us know. If not, please perform the following so I can have a look at the current condition of your machine.

Thanks and again sorry for the delay.

Let's scan your computer:

Malwarebytes' Anti-Malware
Download Malwarebytes' Anti-Malware here and save to your desktop.
  • Double-click mbam-setup.exe and follow the prompts to install the program.
  • At the end, be sure a checkmark is placed next to:
    Update Malwarebytes' Anti-Malware
    Launch Malwarebytes' Anti-Malware
  • Then click Finish.
  • If an update is found, it will download and install the latest version.
  • Once the program has loaded, select Perform full scan, then click Scan.
  • When the scan is complete, click OK, then Show Results to view the results.
  • Be sure that everything is checked, and click Remove Selected.
  • When completed, a log will open in Notepad. Please copy and paste the log back into your next reply.
    Note:
  • The log can also be found here:
    C:\Documents and Settings\Username\Application Data\Malwarebytes\Malwarebytes' Anti-Malware\Logs\mbam-log-date (time).txt
  • Or via the Logs tab when Malwarebytes' Anti-Malware is started.
Then let's run RSIT:
  • Download random's system information tool (RSIT) by random/random from here and save it to your desktop.
  • Double click on RSIT.exe to run RSIT.
  • Click Continue at the disclaimer screen.
  • Once it has finished, two logs will open. Please post the contents of both log.txt (<<will be maximized) and info.txt (<<will be minimized)
Please post MBAM results and RSIT logs back here.

#3 Baabiouz


Posted 30 August 2009 - 11:35 AM

This thread will now be closed.
If you need this topic reopened, please contact me.

This applies only to the original topic starter.
Everyone else please begin a New Topic.



