
This Beats Me


  • This topic is locked
2 replies to this topic

#1 Pip#33

Pip#33

  • Members
  • 2 posts

Posted 20 July 2006 - 08:26 PM

I've tried to get rid of this annoyance for 5 hours now, and I won't succeed, so I would say a big thank you if we could manage this problem. I'm dog-tired, it's 03:26 here :thumbsup:

I guessed it was SpyQuake2 and I waded through this nice removal, but it didn't work. Tried the auto and the manual. And now I have come across the fact that my history session in IE isn't deleted, but it should have been. Strange.

I think I have managed to obliterate part of SpyQuake but it's still present. When I did the removal, it seemed that everything was correct, but suddenly the whole attack on my computer started again, popups I mean.

Now the situation is:
starting page: //www.sysnetsecurity.net/
warnings, popups, a system alert in the bubble and a yellow triangle twinkling next to the clock, but no red boxes

Combofix:

Start Time= 2006. 07. 21. 2:56:10,15
Running from: C:\Documents and Settings\Nyers Corp\Desktop

(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))



2006-07-21 02:43 C:\Program Files\mozilla firefox
2006-07-21 02:39 779 C:\WINDOWS\win.ini
2006-07-21 01:41 C:\Program Files\flashget
2006-07-21 01:07 C:\Program Files\inetget2
2006-07-21 01:06 C:\Program Files\tclock
2006-07-21 01:04 C:\Program Files\toolbar888
2006-07-21 01:04 C:\Program Files\Common Files\{609c5f83-0700-1038-1021-020225200024}
2006-07-21 01:04 C:\Program Files\common files
2006-07-20 23:47 C:\Program Files\roguescanfix
2006-07-20 21:54 C:\Program Files\media-codec
2006-07-19 23:39 C:\Program Files\intervideo
2006-07-19 23:38 C:\Program Files\Common Files\intervideo
2006-07-19 22:08 C:\Documents and Settings\Nyers Corp\Application Data\intervideo
2006-07-19 21:55 98˙304 C:\WINDOWS\system32\cmdlineext.dll
2006-07-19 21:18 C:\Program Files\ubisoft
2006-07-19 21:18 C:\Program Files\installshield installation information
2006-07-19 20:25 64 C:\WINDOWS\wininit.ini
2006-07-19 20:25 C:\Documents and Settings\Nyers Corp\Application Data\my games
2006-07-19 20:10 C:\Program Files\orionstudiosx
2006-07-19 20:01 220 C:\WINDOWS\dwin.sys
2006-07-19 15:46 439˙552 C:\WINDOWS\system32\perfstringbackup.ini
2006-07-19 15:14 29 C:\WINDOWS\system32\unwise.ini
2006-07-19 15:02 C:\Program Files\apache software foundation
2006-07-19 14:35 C:\Program Files\Common Files\microsoft shared
2006-07-19 13:49 C:\Program Files\winzip
2006-07-19 13:38 42 C:\WINDOWS\webica.ini
2006-07-19 12:13 C:\Documents and Settings\Nyers Corp\Application Data\ign_dlm
2006-07-11 15:17 C:\Documents and Settings\Nyers Corp\Application Data\firaxis games
2006-07-11 14:24 C:\Program Files\Common Files\systemrequirementslab
2006-07-09 18:23 336 C:\WINDOWS\sierra.ini
2006-06-30 11:43 84 C:\WINDOWS\wsst_screen_saver.ini
2006-06-27 14:12 C:\Program Files\america's army
2006-06-27 14:11 C:\Program Files\america's army server manager
2006-06-23 22:00 C:\Documents and Settings\Nyers Corp\Application Data\msn6
2006-06-23 14:22 C:\Documents and Settings\Nyers Corp\Application Data\microsoft
2006-06-23 12:07 C:\Program Files\codemasters
2006-06-17 01:08 C:\Program Files\internet explorer
2006-06-15 18:42 28˙256 C:\WINDOWS\system32\drivers\mxlw2k.sys
2006-06-15 10:22 C:\Documents and Settings\Nyers Corp\Application Data\media player classic
2006-06-15 10:17 C:\Program Files\divx
2006-06-05 17:37 C:\Documents and Settings\Nyers Corp\Application Data\adobeum
2006-06-05 15:44 658 C:\WINDOWS\wincmd.ini
2006-05-31 07:24 230˙168 C:\WINDOWS\system32\xactengine2_2.dll
2006-05-25 16:18 C:\Documents and Settings\Nyers Corp\Application Data\skype
2006-05-25 00:48 20˙640 C:\WINDOWS\system32\drivers\pxhelp20.sys
2006-05-25 00:48 109˙568 C:\WINDOWS\system32\pxinsi64.exe
2006-05-25 00:48 108˙544 C:\WINDOWS\system32\pxcpyi64.exe
2006-05-25 00:47 3˙596˙288 C:\WINDOWS\system32\qt-dx331.dll
2006-05-25 00:46 90˙112 C:\WINDOWS\system32\dpl100.dll
2006-05-25 00:46 593˙920 C:\WINDOWS\system32\dpugui11.dll
2006-05-25 00:46 57˙344 C:\WINDOWS\system32\dpv11.dll
2006-05-25 00:46 53˙248 C:\WINDOWS\system32\dpugui10.dll
2006-05-25 00:46 344˙064 C:\WINDOWS\system32\dpus11.dll
2006-05-25 00:46 294˙912 C:\WINDOWS\system32\dpu11.dll
2006-05-25 00:46 294˙912 C:\WINDOWS\system32\dpu10.dll
2006-05-25 00:46 200˙704 C:\WINDOWS\system32\dtu100.dll
2006-05-25 00:43 200˙704 C:\WINDOWS\system32\ssldivx.dll
2006-05-25 00:43 1˙044˙480 C:\WINDOWS\system32\libdivx.dll
2006-05-19 14:59 94˙720 C:\WINDOWS\system32\iphlpapi.dll
2006-05-19 14:59 148˙480 C:\WINDOWS\system32\dnsapi.dll
2006-05-19 14:59 111˙616 C:\WINDOWS\system32\dhcpcsvc.dll
2006-05-04 11:15 47˙329 C:\WINDOWS\php.ini
2006-05-04 11:14 4˙571˙192 C:\WINDOWS\system32\php5ts.dll
2006-05-02 21:16 1 C:\WINDOWS\system32\m3.dll
2006-04-21 17:11 376 C:\WINDOWS\wcx_ftp.ini


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-07-21 00:43 73˙728 C:\WINDOWS\system32\asuninst.exe
2006-07-21 00:43 11˙776 C:\WINDOWS\system32\ZPORT4AS.dll
2006-07-19 21:55 98˙304 C:\WINDOWS\system32\CmdLineExt.dll
2006-07-19 21:55 62˙672 C:\WINDOWS\system32\xinput1_1.dll
2006-07-19 21:55 61˙136 C:\WINDOWS\system32\xinput9_1_0.dll
2006-07-19 21:55 230˙168 C:\WINDOWS\system32\xactengine2_2.dll
2006-07-19 21:55 230˙096 C:\WINDOWS\system32\xactengine2_0.dll
2006-07-19 21:55 229˙584 C:\WINDOWS\system32\xactengine2_1.dll
2006-07-19 21:55 2˙388˙176 C:\WINDOWS\system32\d3dx9_30.dll
2006-07-19 21:55 2˙337˙488 C:\WINDOWS\system32\d3dx9_25.dll
2006-07-19 21:55 2˙332˙368 C:\WINDOWS\system32\d3dx9_29.dll
2006-07-19 21:55 2˙323˙664 C:\WINDOWS\system32\d3dx9_28.dll
2006-07-19 21:55 2˙319˙568 C:\WINDOWS\system32\d3dx9_27.dll
2006-07-19 21:55 2˙222˙800 C:\WINDOWS\system32\d3dx9_24.dll
2006-07-19 21:55 14˙032 C:\WINDOWS\system32\x3daudio1_0.dll
2006-07-19 20:25 64 C:\WINDOWS\wininit.ini
2006-07-19 20:01 220 C:\WINDOWS\dwin.sys
2006-07-19 19:58 99˙328 C:\WINDOWS\system32\Cdrip.dll
2006-07-19 19:58 86˙528 C:\WINDOWS\system32\lame_enc.dll
2006-07-19 19:58 321˙536 C:\WINDOWS\system32\mmmpeg.dll
2006-07-19 19:58 284˙160 C:\WINDOWS\system32\Mmmpeg32.dll
2006-07-19 19:58 256˙512 C:\WINDOWS\system32\MMCDDA32.dll
2006-07-19 19:57 84˙480 C:\WINDOWS\system32\MMCapWin.dll
2006-07-19 19:57 643˙072 C:\WINDOWS\system32\DolbyHph.dll
2006-07-19 19:57 40˙960 C:\WINDOWS\system32\DolbyHphMM.dll
2006-07-19 19:57 159˙744 C:\WINDOWS\system32\ComCSDecoder.dll
2006-07-19 19:57 102˙400 C:\WINDOWS\system32\DMO_CSDecode.dll
2006-07-19 19:56 53˙248 C:\WINDOWS\system32\dcfft2.dll
2006-07-19 19:56 143˙360 C:\WINDOWS\system32\DMO_TSXT.dll
2006-07-19 19:56 143˙360 C:\WINDOWS\system32\ComTruSurroundXT.dll
2006-07-19 18:21 0 C:\IO.SYS
2006-07-19 15:16 4˙571˙192 C:\WINDOWS\system32\php5ts.dll
2006-07-19 15:14 47˙329 C:\WINDOWS\php.ini
2006-07-19 15:14 29 C:\WINDOWS\system32\UNWISE.INI
2006-07-19 15:14 149˙504 C:\WINDOWS\system32\UNWISE.EXE
2006-07-11 15:16 2˙297˙552 C:\WINDOWS\system32\d3dx9_26.dll
2006-07-09 18:23 336 C:\WINDOWS\SIERRA.INI
2006-06-30 11:43 84 C:\WINDOWS\WSST_Screen_Saver.ini
2006-06-25 00:27 237˙568 C:\WINDOWS\glut32.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"F-Secure Manager"="\"C:\\Program Files\\F-Secure\\Common\\FSM32.EXE\" /splash"
"F-Secure TNB"="\"C:\\Program Files\\F-Secure\\TNB\\TNBUtil.exe\" /CHECKALL"
"SiSUSBRG"="C:\\WINDOWS\\SiSUSBrg.exe"
"Cmaudio"="RunDll32 cmicnfg.dll,CMICtrlWnd"
"QuickTime Task"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"nwiz"="nwiz.exe /install"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"MessengerPlus3"="\"C:\\Program Files\\MessengerPlus! 3\\MsgPlus.exe\""
"SunJavaUpdateSched"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"LVCOMSX"="C:\\WINDOWS\\system32\\LVCOMSX.EXE"
"LogitechVideoRepair"="C:\\Program Files\\Logitech\\Video\\ISStart.exe "
"LogitechVideoTray"="C:\\Program Files\\Logitech\\Video\\LogiTray.exe"
"Logitech Utility"="Logi_MwX.Exe"
"mmtask"="c:\\Program Files\\MusicMatch\\MusicMatch Jukebox\\mmtask.exe"
"TkBellExe"="\"C:\\Program Files\\Common Files\\Real\\Update_OB\\realsched.exe\" -osboot"
"DAEMON Tools-1033"="\"C:\\Program Files\\D-Tools\\daemon.exe\" -lang 1033"
"RemoveWGA"="C:\\Documents and Settings\\Nyers Corp\\Desktop\\RemoveWGA.exe -startup"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\IMAIL]
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MAPI]
"NoChange"="1"
"Installed"="1"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run\OptionalComponents\MSFS]
"Installed"="1"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\ctfmon.exe"
"PicoZip"="C:\\Program Files\\PicoZip\\PicoZipTray.exe"
"LDM"="C:\\Program Files\\Logitech\\Desktop Messenger\\8876480\\Program\\LogitechDesktopMessenger.exe"
"LogitechSoftwareUpdate"="\"C:\\Program Files\\Logitech\\Video\\ManifestEngine.exe\" boot"
"TClock.exe"="C:\\Program Files\\TClock\\tclock_install.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]
"homepage.monitor.exe"="C:\\Program Files\\Media-Codec\\isamonitor.exe"
"pmsngr.exe"="C:\\Program Files\\Media-Codec\\pmsngr.exe"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\run]
"{609C5F83-0700-1038-1021-020225200024}"="\"C:\\Program Files\\Common Files\\{609C5F83-0700-1038-1021-020225200024}\\Update.exe\" mc-110-12-0000272"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system]
"DisableTaskMgr"=dword:00000000
"NoDispAppearancePage"=dword:00000000
"NoColorChoice"=dword:00000000
"NoSizeChoice"=dword:00000000
"NoDispBackgroundPage"=dword:00000000
"NoDispScrSavPage"=dword:00000000
"NoDispCPL"=dword:00000000
"NoVisualStyleChoice"=dword:00000000
"NoDispSettingsPage"=dword:00000000

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000000

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\System32\\CTFMON.EXE"

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""



Contents of the 'Scheduled Tasks' folder

Completion time: 2006. 07. 21. 3:01:48,79
ComboFix ver 06.07.20 - This logfile is located at C:\ComboFix.txt

Thx in advance!

Edited by KoanYorel, 20 July 2006 - 08:51 PM.

#2 Pip#33

Pip#33
  • Topic Starter

  • Members
  • 2 posts

Posted 21 July 2006 - 06:20 AM

It was a tough job, but I've managed to kill this damn thing by following the instructions of this help.

I would like to say thank you to all who take the time to help other people, it's really nice of you. I appreciate it very much!

Hooah!

:thumbsup:

Edited by Pip#33, 21 July 2006 - 06:21 AM.


#3 MFDnSC

MFDnSC

    Ret. Director I/T


  • Members
  • 4,310 posts

Posted 22 July 2006 - 01:17 PM

Since you say it's fixed, I'll close it.
"Nothing could be finer than to be in South Carolina ............"

Member ASAP
