
Pop-ups Right And Left, Not Sure Why.


  • This topic is locked
4 replies to this topic

#1 scfp
  • Members
  • 2 posts

Posted 07 August 2006 - 09:05 PM

I recently got hit with SurfSideKick3. Search and Destroy found it, but couldn't delete ALL of the associated files. I used this forum and others to remove it. After monkeying around, S&D was eventually able to delete all of the problem files. I downloaded all of the most recent S&D updates, immunized, and I thought all was well.

I continue to get all kinds of pop-ups. I have a pop-up blocker set to block everything, yet all of these windows opening up right and left. I can't figure out what is causing the problem.

I downloaded and ran the stinger program and found nothing.

I then ran Search and Destroy again, and it found one problem - "AstaKiller" - HKEY_LOCAL_MACHINE\SOFTWARE\Cowabunga. This was able to be "fixed" by S&D.

Finally I ran HijackThis. I've pasted the log below... any help would be GREATLY appreciated. Thanks in advance.

-scfp


***** LOG *****


Logfile of HijackThis v1.99.1
Scan saved at 9:58:58p, on 2006 Aug 7
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\Windows\System32\smss.exe
C:\Windows\system32\winlogon.exe
C:\Windows\system32\services.exe
C:\Windows\system32\lsass.exe
C:\Windows\system32\svchost.exe
C:\Windows\System32\svchost.exe
C:\Windows\system32\spoolsv.exe
C:\Program Files\Common Files\Command Software\dvpapi.exe
c:\program files\mcafee.com\agent\mcdetect.exe
c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
C:\Windows\system32\rundll32.exe
C:\Windows\Explorer.EXE
C:\Windows\system32\redistributor.exe
C:\Windows\system32\wscntfy.exe
C:\Program Files\MEDITECH\Word Processor\MEditor.exe
C:\hijackthis\HijackThis.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Bar = about:blank
R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Bar = http://go.compaq.com/1Q00CDT/0409/bl8.asp
R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = https://activatemydsl.verizon.net/SmartAcce...exit_window.asp
R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyOverride = 127.0.0.1
R3 - Default URLSearchHook is missing
F2 - REG:system.ini: Shell=Explorer.exe, C:\Windows\system32\gncpy.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rijtjwl.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O3 - Toolbar: (no name) - {9A9C9B68-F908-4AAB-8D0C-10EA8997F37E} - (no file)
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O8 - Extra context menu item: &Google Search - res://c:\program files\google\GoogleToolbar1.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\GoogleToolbar1.dll/cmwordtrans.html
O8 - Extra context menu item: Backward Links - res://c:\program files\google\GoogleToolbar1.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\GoogleToolbar1.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\GoogleToolbar1.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\GoogleToolbar1.dll/cmtrans.html
O9 - Extra button: (no name) - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra 'Tools' menuitem: Sun Java Console - {08B0E5C0-4FCB-11CF-AAA5-00401C608501} - C:\Program Files\Java\jre1.5.0_06\bin\ssv.dll
O9 - Extra button: AIM - {AC9E2541-2814-11d5-BC6D-00B0D0A1DE45} - C:\Program Files\AIM\aim.exe
O9 - Extra button: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra 'Tools' menuitem: PartyPoker.com - {B7FE5D70-9AA2-40F1-9C6B-12A255F085E1} - C:\Program Files\PartyGaming\PartyPoker\RunApp.exe
O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe
O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: *.sxload.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O15 - Trusted Zone: http://click.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://redirect.mirarsearch.com (HKLM)
O15 - Trusted Zone: http://awbeta.net-nucleus.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {5526B4C6-63D6-41A1-9783-0FABF529859A} - http://cabs.elitemediagroup.net/cabs/mediaview.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\SCIPURA\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\Windows\system32\xeymi.dll
O20 - Winlogon Notify: logons - C:\Windows\system32\redist.dll
O20 - Winlogon Notify: ThemeManager - C:\Windows\system32\p64u0gh9e64.dll
O23 - Service: DvpApi (dvpapi) - Command Software Systems, Inc. - C:\Program Files\Common Files\Command Software\dvpapi.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: McAfee WSC Integration (McDetect.exe) - McAfee, Inc - c:\program files\mcafee.com\agent\mcdetect.exe
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc - c:\PROGRA~1\mcafee.com\agent\mctskshd.exe
O23 - Service: McAfee SecurityCenter Update Manager (mcupdmgr.exe) - McAfee, Inc - C:\PROGRA~1\McAfee.com\Agent\mcupdmgr.exe
O23 - Service: MrobeService - OLYMPUS IMAGING CORP. - C:\Windows\system32\MRobeService.exe
O23 - Service: Intel® NMS (NMSSvc) - Intel Corporation - C:\Windows\System32\NMSSvc.exe
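Added example, not part of the post above and not code from HijackThis or BleepingComputer: a small Python triage script for a HijackThis v1.99 log of this shape. It flags the entry classes that carry the infection in the log above: F2 Shell/UserInit values that launch anything beyond explorer.exe/userinit.exe, O15 Trusted Zone additions, O16 ActiveX install points that are not web URLs (the local .chm here), O18 MIME filters hooked on text/html, and O20 Winlogon Notify packages outside the Windows XP SP2 default set. The XP Notify baseline, the F2 defaults and the sample log lines are constructed assumptions modelled on the log above; the output says what to verify, it does not clean anything.

```python
"""Triage a HijackThis v1.99 log: flag the entry classes most often used for
persistence and browser hijacking.  Allowlists and sample lines are assumptions
modelled on the log posted in this thread."""
import re
from collections import Counter
from dataclasses import dataclass

# Assumed baseline: Winlogon Notify subkeys present on a default Windows XP SP2.
XP_NOTIFY_BASELINE = {
    "crypt32chain", "cryptnet", "cscdll", "sccertprop", "schedule",
    "sclgntfy", "senslogn", "termsrv", "wlballoon", "wzcnotif",
}
# Executables the two system.ini keys reported as F2 should name by default.
F2_DEFAULTS = {"shell": {"explorer.exe"}, "userinit": {"userinit.exe"}}

HJT_LINE = re.compile(r"^([A-Z]\d{1,2}) - (.*)$")   # "O20 - Winlogon Notify: ..."


@dataclass
class Finding:
    code: str     # HijackThis section code, e.g. "O20"
    reason: str
    line: str


def _basename(path: str) -> str:
    """Lower-cased file name from a Windows path, surrounding quotes stripped."""
    return path.strip().strip('"').replace("/", "\\").split("\\")[-1].lower()


def triage(log_text: str) -> list[Finding]:
    findings: list[Finding] = []
    for raw in log_text.splitlines():
        m = HJT_LINE.match(raw.strip())
        if not m:
            continue                      # header, process list, blank line
        code, body = m.groups()
        if code == "F2" and body.startswith("REG:system.ini:"):
            # "REG:system.ini: Shell=Explorer.exe, C:\...\gncpy.exe"
            key, _, value = body.split(":", 2)[2].strip().partition("=")
            names = [_basename(p) for p in value.split(",") if p.strip()]
            extras = [n for n in names if n not in F2_DEFAULTS.get(key.lower(), set())]
            if extras:
                findings.append(Finding(code, f"{key} launches extra program(s): {', '.join(extras)}", raw))
        elif code == "O15" and "Trusted Zone" in body:
            site = body.split(":", 1)[1].strip()
            findings.append(Finding(code, f"site added to IE Trusted Zone: {site}", raw))
        elif code == "O16":
            target = body.rsplit(" - ", 1)[-1].strip()   # install source is the last field
            if not target.lower().startswith(("http://", "https://")):
                findings.append(Finding(code, f"ActiveX install source is not a web URL: {target}", raw))
        elif code == "O18" and body.startswith("Filter:"):
            mime = body.split(":", 1)[1].split(" - ")[0].strip()
            if mime in ("text/html", "text/plain"):
                findings.append(Finding(code, f"MIME filter hooked on {mime}: page content can be rewritten", raw))
        elif code == "O20" and body.startswith("Winlogon Notify:"):
            subkey = body.split(":", 1)[1].split(" - ")[0].strip()
            if subkey.lower() not in XP_NOTIFY_BASELINE:
                findings.append(Finding(code, f"Winlogon Notify package '{subkey}' not in XP default set", raw))
    return findings


def summarize(findings: list[Finding]) -> dict[str, int]:
    """Count findings per HijackThis section code."""
    return dict(Counter(f.code for f in findings))


# Constructed sample: a cut-down log in the same shape as the one in this thread.
SAMPLE_LOG = r"""Logfile of HijackThis v1.99.1
Running processes:
C:\Windows\System32\smss.exe

R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Search Page = about:blank
F2 - REG:system.ini: Shell=Explorer.exe, C:\Windows\system32\gncpy.exe
F2 - REG:system.ini: UserInit=C:\WINDOWS\system32\userinit.exe,rijtjwl.exe
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar1.dll
O4 - HKLM\..\Run: [MSConfig] C:\WINDOWS\PCHealth\HelpCtr\Binaries\MSConfig.exe /auto
O15 - Trusted Zone: *.dollarrevenue.com
O15 - Trusted Zone: http://click.getmirar.com (HKLM)
O16 - DPF: {4ED9DDF0-7479-4BBE-9335-5A1EDB1D8A21} (McAfee.com Operating System Class) - http://download.mcafee.com/molbin/shared/m...01/mcinsctl.cab
O16 - DPF: {F919FBD3-A96B-4679-AF26-F551439BB5FD} - mk:@MSITStore:C:\DOCUME~1\SCIPURA\LOCALS~1\Temp\winfix.chm::/SystemDoctor2006FreeInstall.cab
O18 - Filter: text/html - {B5F86455-BF18-4E12-965A-6642A0AC0549} - C:\Windows\system32\xeymi.dll
O20 - Winlogon Notify: logons - C:\Windows\system32\redist.dll
O20 - Winlogon Notify: wlballoon - C:\Windows\system32\wlnotify.dll
"""

if __name__ == "__main__":
    for f in triage(SAMPLE_LOG):
        print(f"{f.code:4} {f.reason}\n     {f.line}")
    print(summarize(triage(SAMPLE_LOG)))
```

Run it as a script to see the seven hits from the sample, or replace `SAMPLE_LOG` with the text of a saved hijackthis.log. The O20 check only tells you a Notify package is not an XP default; third-party software legitimately registers its own, so the DLL named on the line still has to be identified before anything is removed.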



#2 Buckeye_Sam
    Malware Expert
  • Members
  • 17,382 posts
  • Gender:Male
  • Location:Pickerington, Ohio

Posted 07 August 2006 - 11:16 PM

Hi and welcome to Bleeping Computer! My name is Sam and I will be helping you. :thumbsup:



Please download ComboFix and save it to your desktop.
Double click combofix.exe and follow the prompts.
When it's done running it will produce a log for you. Please post that log in your next reply.

Important Note - Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================

#3 scfp
  • Topic Starter
  • Members
  • 2 posts

Posted 08 August 2006 - 04:18 AM

Thanks for the reply. I ran ComboFix; the log it produced is below. Also, I already notice that pop-ups aren't appearing at this point. Previously, if I clicked a link or changed the address bar, pop-ups would appear... but opening explorer, my email, and travelling to this page didn't produce any pop-ups. Just thought I would add that. Here's the log:


Start Time= Tue 2006 Aug 08 5:10:19.57
Running from: C:\Documents and Settings\SCIPURA\Desktop

((((((((((((((((((((((((((((((((((((((((((((( Look2Me's Log ))))))))))))))))))))))))))))))))))))))))))))))))))


HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\crypt32chain
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cryptnet
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cscdll
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\logons
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ScCertProp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\Schedule
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\sclgntfy
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\SensLogn
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\termsrv
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wlballoon
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\wzcnotif


* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


REGISTRY ENTRIES REMOVED:

[HKEY_CLASSES_ROOT\clsid\{924C7FA0-65C4-457B-9E92-91D06EBD0609}]
@=""

[HKEY_CLASSES_ROOT\clsid\{924C7FA0-65C4-457B-9E92-91D06EBD0609}\Implemented Categories]
@=""

[HKEY_CLASSES_ROOT\clsid\{924C7FA0-65C4-457B-9E92-91D06EBD0609}\Implemented Categories\{00021492-0000-0000-C000-000000000046}]
@=""

[HKEY_CLASSES_ROOT\clsid\{924C7FA0-65C4-457B-9E92-91D06EBD0609}\InprocServer32]
@="C:\\Windows\\system32\\nuptools.dll"
"ThreadingModel"="Apartment"

* * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


FILES REMOVED:

C:\WINDOWS\SYSTEM32\dround3d.dll
C:\WINDOWS\SYSTEM32\guard.tmp_tobedeleted
C:\WINDOWS\SYSTEM32\m2po0c73ef.dll
C:\WINDOWS\SYSTEM32\nuptools.dll
C:\WINDOWS\SYSTEM32\p64u0gh9e64.dll
C:\WINDOWS\SYSTEM32\s8pu0i79e8.dll
C:\WINDOWS\SYSTEM32\stssetup.dll


Granting sedebugprivilege to Administrators ... successful


((((((((((((((((((((((((((((((((((((((((((((( Qoologic's Log )))))))))))))))))))))))))))))))))))))))))))))))))))

5:10:46.65

Not all files found by this method are bad. There may be legitimate files found
This log should be examined by a trained analyst


* * * PRE-RUN - Filepaths extracted from the Registry * * * * * * * * * * * * * * * * * * * * * *


C:\Windows\system32\qellyq.exe
C:\Windows\system32\gncpy.exe
C:\Windows\system32\rijtjwl.exe


* * * PRE-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-08-05 14:28:50 127,488 "C:\WINDOWS\system32\qellyq.exe"
2006-07-31 16:03:08 1,163,264 "C:\WINDOWS\system32\riwzkn.exe"
2006-08-05 14:27:18 2 "C:\WINDOWS\system32\wintcc.exe"
2006-08-05 14:26:26 45,056 "C:\WINDOWS\system32\ghynf.exe"
2006-08-05 14:28:50 28,672 "C:\WINDOWS\system32\gncpy.exe"
2006-08-05 14:26:26 36,864 "C:\WINDOWS\system32\n9nyb.exe"
2006-08-05 14:26:56 36,864 "C:\WINDOWS\system32\uvzgi.exe"
2006-08-05 14:29:42 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-08-05 14:29:34 159,744 "C:\WINDOWS\system32\redist.dll"
2006-08-05 14:28:50 23,552 "C:\WINDOWS\system32\rijtjwl.exe"
2006-08-05 14:28:50 51,712 "C:\WINDOWS\system32\vlkmpyw.dll"
2006-08-05 14:26:34 380,928 "C:\WINDOWS\system32\WinNB58.dll"
2006-08-08 05:07:00 351 "C:\WINDOWS\oyrsp.dll"
2006-08-05 14:28:44 53 "C:\WINDOWS\pcnwqo.dat"
2006-08-05 14:28:50 127,488 "C:\Documents and Settings\All Users\Start Menu\Programs\Startup\ilwmf.exe"


* * * POST-RUN - Files in the Quarantine folder * * * * * * * * * * * * * * * * * * * * * * * * *


2006 Aug 05 02:28p 127,488 qellyq.exe.vir
2006 Aug 05 02:28p 127,488 ilwmf.exe.vir
2006 Aug 05 02:28p 51,712 vlkmpyw.dll.vir
2006 Aug 05 02:28p 28,672 gncpy.exe.vir
2006 Aug 05 02:28p 23,552 rijtjwl.exe.vir
2006 Aug 05 02:28p 53 pcnwqo.dat.vir


DO NOT DELETE ANY FILES FROM THIS DIRECTORY UNLESS INSTRUCTED TO


* * * POST-RUN - Filepaths from Locate * * * * * * * * * * * * * * * * * * * * * * * * * * * * * *


2006-07-31 16:03:08 1,163,264 "C:\WINDOWS\system32\riwzkn.exe"
2006-08-05 14:27:18 2 "C:\WINDOWS\system32\wintcc.exe"
2006-08-05 14:26:26 45,056 "C:\WINDOWS\system32\ghynf.exe"
2006-08-05 14:26:26 36,864 "C:\WINDOWS\system32\n9nyb.exe"
2006-08-05 14:26:56 36,864 "C:\WINDOWS\system32\uvzgi.exe"
2006-08-05 14:29:42 48,167 "C:\WINDOWS\system32\VSL05.exe"
2006-08-05 14:26:34 380,928 "C:\WINDOWS\system32\WinNB58.dll"
2006-08-05 14:29:34 159,744 "C:\WINDOWS\system32\redist.dll"
2006-08-08 05:07:00 351 "C:\WINDOWS\oyrsp.dll"


(((((((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))


C:\dfndrff_7.exe
C:\kybrdff_7.exe
C:\Documents and Settings\SCIPURA\Local Settings\Temp\drsmartload180a.exe
C:\WINDOWS\keyboard1.dat
C:\MTE3NDI6ODoxNgnew.exe
C:\warebundlenewer.exe


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-08-08 05:07:00 351 ( A.... ) "C:\WINDOWS\oyrsp.dll"
2006-08-07 20:58:30 ( .D... ) "C:\Program Files\Analog Devices"
2006-08-05 14:30:48 578560 ( A.... ) "C:\Installer3.exe"
2006-08-05 14:30:42 32443 ( A.... ) "C:\WINDOWS\system32\uninstIcn.exe"
2006-08-05 14:30:34 32768 ( ..... ) "C:\nwnmff_7.exe_tobedeleted"
2006-08-05 14:30:28 38412 ( A.... ) "C:\WINDOWS\ssqbn.exe"
2006-08-05 14:30:28 14617 ( A.... ) "C:\WINDOWS\xload.exe"
2006-08-05 14:29:42 48167 ( A.... ) "C:\WINDOWS\system32\VSL05.exe"
2006-08-05 14:29:40 111104 ( A.... ) "C:\numbsoftnew.exe"
2006-08-05 14:29:38 1167 ( A.... ) "C:\WINDOWS\system32\bvh9f801.sys"
2006-08-05 14:29:38 1167 ( A.... ) "C:\WINDOWS\system32\bvh9f801.sys"
2006-08-05 14:29:36 389632 ( A.... ) "C:\webnexmknew.exe"
2006-08-05 14:29:36 61952 ( A.... ) "C:\WINDOWS\system32\bvh9f801.dll"
2006-08-05 14:29:34 159744 ( A.... ) "C:\WINDOWS\system32\redist.dll"
2006-08-05 14:29:34 126464 ( A.... ) "C:\WINDOWS\system32\redistributor.exe"
2006-08-05 14:29:30 ( .D... ) "C:\Program Files\PSHope"
2006-08-05 14:29:26 184829 ( A.... ) "C:\WINDOWS\srvknhdgkm.exe"
2006-08-05 14:29:24 235134 ( A.... ) "C:\WINDOWS\srvaqqfkiq.exe"
2006-08-05 14:29:24 2560 ( A.... ) "C:\ac3_0003.exe"
2006-08-05 14:29:22 ( .D... ) "C:\Program Files\System Icons"
2006-08-05 14:29:22 ( .D... ) "C:\Program Files\System Files"
2006-08-05 14:29:12 587776 ( A.... ) "C:\626_101newer.exe"
2006-08-05 14:28:56 27648 ( A.... ) "C:\dist13.exe"
2006-08-05 14:28:42 32256 ( ..... ) "C:\WINDOWS\system32\dmonwv.dll_tobedeleted"
2006-08-05 14:28:14 ( .D... ) "C:\Program Files\Common Files\mzqk"
2006-08-05 14:27:50 30208 ( A.... ) "C:\SS1001newer.exe"
2006-08-05 14:27:44 143360 ( A.... ) "C:\WINDOWS\sys0256199451-2.exe"
2006-08-05 14:27:32 14848 ( A.... ) "C:\stub_113_4_0_4_0newer.exe"
2006-08-05 14:27:18 232749 ( A.... ) "C:\WINDOWS\pf78.exe"
2006-08-05 14:27:18 45056 ( A.... ) "C:\WINDOWS\system32zkdmg.exe"
2006-08-05 14:27:18 36864 ( A.... ) "C:\WINDOWS\system32uvzgi.exe"
2006-08-05 14:27:18 28672 ( A.... ) "C:\WINDOWS\system32tpsd.exe"
2006-08-05 14:27:18 2 ( A.... ) "C:\WINDOWS\system32\wintcc.exe"
2006-08-05 14:27:14 110592 ( A.... ) "C:\WINDOWS\v1201.exe"
2006-08-05 14:27:12 467968 ( A.... ) "C:\visfx500new.exe"
2006-08-05 14:26:58 36608 ( ..... ) "C:\WINDOWS\nem220.dll_tobedeleted"
2006-08-05 14:26:58 32768 ( A.... ) "C:\WINDOWS\unstall.exe"
2006-08-05 14:26:56 36864 ( A.... ) "C:\WINDOWS\system32\uvzgi.exe"
2006-08-05 14:26:56 28672 ( A.... ) "C:\WINDOWS\system32\tpsd.exe"
2006-08-05 14:26:50 48190 ( A.... ) "C:\RDFX4.exe"
2006-08-05 14:26:36 57344 ( A.... ) "C:\WINDOWS\cs2m6f.exe"
2006-08-05 14:26:34 380928 ( A.... ) "C:\WINDOWS\system32\WinNB58.dll"
2006-08-05 14:26:30 36864 ( A.... ) "C:\WINDOWS\system32n9nyb.exe"
2006-08-05 14:26:30 28672 ( A.... ) "C:\WINDOWS\system32bez6n4r21.exe"
2006-08-05 14:26:30 0 ( A.... ) "C:\WINDOWS\system32ghynf.exe"
2006-08-05 14:26:26 45056 ( A.... ) "C:\WINDOWS\system32\ghynf.exe"
2006-08-05 14:26:26 36864 ( A.... ) "C:\WINDOWS\system32\n9nyb.exe"
2006-08-05 14:26:26 28672 ( A.... ) "C:\WINDOWS\system32\iqqr.exe"
2006-08-05 14:26:26 28672 ( A.... ) "C:\WINDOWS\system32\bez6n4r21.exe"
2006-08-05 14:26:12 139264 ( A.... ) "C:\WINDOWS\MirarSetup_876075.exe"
2006-08-05 14:26:08 226536 ( A.... ) "C:\WINDOWS\whCC-GIANT.exe"
2006-08-05 14:26:08 ( .D... ) "C:\Program Files\Common Files\dobe"
2006-08-05 14:26:06 57344 ( A.... ) "C:\fym9bvo.exe"
2006-08-03 14:31:28 ( .D... ) "C:\Documents and Settings\SCIPURA\Application Data\Sun"
2006-08-03 14:30:28 ( .D... ) "C:\Program Files\Java"
2006-08-03 14:28:12 ( .D... ) "C:\Program Files\Common Files\Java"
2006-07-31 19:35:00 ( .D... ) "C:\Documents and Settings\SCIPURA\Application Data\OLYMPUS"
2006-07-31 19:28:54 ( .D... ) "C:\Program Files\OLYMPUS"
2006-07-31 16:03:08 1163264 ( A.... ) "C:\WINDOWS\system32\riwzkn.exe"
2006-07-31 16:02:56 36864 ( A.... ) "C:\WINDOWS\system32\hauc.exe"
2006-07-21 18:55:38 127578 ( A.... ) "C:\WINDOWS\system32\tsuninst.exe"
2006-07-13 10:38:12 389120 ( A.... ) "C:\WINDOWS\system32\nodeipproc.dll"
2006-06-30 01:23:42 ( .D... ) "C:\Documents and Settings\SCIPURA\Application Data\Help"
2006-06-30 01:23:18 ( .D... ) "C:\Program Files\WinRAR"


(((((((((((((((((((((((((((((((((((((( Files Created - Last 30days )))))))))))))))))))))))))))))))))))))))))))


2006-08-05 14:30 578,560 C:\Installer3.exe
2006-08-05 14:30 38,412 C:\Windows\ssqbn.exe
2006-08-05 14:30 14,617 C:\Windows\xload.exe
2006-08-05 14:29 61,952 C:\Windows\system32\bvh9f801.dll
2006-08-05 14:29 587,776 C:\626_101newer.exe
2006-08-05 14:29 48,167 C:\Windows\system32\VSL05.exe
2006-08-05 14:29 389,632 C:\webnexmknew.exe
2006-08-05 14:29 32,443 C:\Windows\system32\uninstIcn.exe
2006-08-05 14:29 235,134 C:\Windows\srvaqqfkiq.exe
2006-08-05 14:29 2,560 C:\ac3_0003.exe
2006-08-05 14:29 184,829 C:\Windows\srvknhdgkm.exe
2006-08-05 14:29 159,744 C:\Windows\system32\redist.dll
2006-08-05 14:29 126,464 C:\Windows\system32\redistributor.exe
2006-08-05 14:29 111,104 C:\numbsoftnew.exe
2006-08-05 14:29 1,167 C:\Windows\system32\bvh9f801.sys
2006-08-05 14:28 351 C:\Windows\oyrsp.dll
2006-08-05 14:28 27,648 C:\dist13.exe
2006-08-05 14:28 127,578 C:\Windows\system32\tsuninst.exe
2006-08-05 14:27 884,304 C:\Windows\olorlpjA.exe
2006-08-05 14:27 467,968 C:\visfx500new.exe
2006-08-05 14:27 45,056 C:\Windows\system32zkdmg.exe
2006-08-05 14:27 36,864 C:\Windows\system32uvzgi.exe
2006-08-05 14:27 30,208 C:\SS1001newer.exe
2006-08-05 14:27 28,672 C:\Windows\system32tpsd.exe
2006-08-05 14:27 232,749 C:\Windows\pf78.exe
2006-08-05 14:27 21,504 C:\Windows\offun.exe
2006-08-05 14:27 2 C:\Windows\system32\wintcc.exe
2006-08-05 14:27 143,360 C:\Windows\sys0256199451-2.exe
2006-08-05 14:27 14,848 C:\stub_113_4_0_4_0newer.exe
2006-08-05 14:27 110,592 C:\Windows\v1201.exe
2006-08-05 14:26 57,344 C:\Windows\cs2m6f.exe
2006-08-05 14:26 57,344 C:\fym9bvo.exe
2006-08-05 14:26 48,190 C:\RDFX4.exe
2006-08-05 14:26 45,056 C:\Windows\system32\ghynf.exe
2006-08-05 14:26 380,928 C:\Windows\system32\WinNB58.dll
2006-08-05 14:26 36,864 C:\Windows\system32n9nyb.exe
2006-08-05 14:26 36,864 C:\Windows\system32\uvzgi.exe
2006-08-05 14:26 36,864 C:\Windows\system32\n9nyb.exe
2006-08-05 14:26 36,864 C:\Windows\system32\hauc.exe
2006-08-05 14:26 32,768 C:\Windows\unstall.exe
2006-08-05 14:26 28,672 C:\Windows\system32bez6n4r21.exe
2006-08-05 14:26 28,672 C:\Windows\system32\tpsd.exe
2006-08-05 14:26 28,672 C:\Windows\system32\iqqr.exe
2006-08-05 14:26 28,672 C:\Windows\system32\bez6n4r21.exe
2006-08-05 14:26 226,536 C:\Windows\whCC-GIANT.exe
2006-08-05 14:26 139,264 C:\Windows\MirarSetup_876075.exe
2006-08-05 14:26 1,163,264 C:\Windows\system32\riwzkn.exe
2006-08-05 14:26 0 C:\Windows\system32ghynf.exe
2006-08-03 14:31 49,250 C:\Windows\system32\javaw.exe
2006-08-03 14:31 49,248 C:\Windows\system32\java.exe
2006-08-03 14:31 127,078 C:\Windows\system32\javaws.exe
2006-07-31 19:29 65,536 C:\Windows\system32\MrobeService.exe
2006-07-31 19:28 761,856 C:\Windows\system32\CDDBUI.dll
2006-07-31 19:28 577,536 C:\Windows\system32\CDDBControl.dll
2006-07-13 10:38 389,120 C:\Windows\system32\nodeipproc.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"MSConfig"="C:\\WINDOWS\\PCHealth\\HelpCtr\\Binaries\\MSConfig.exe /auto"
"MCUpdateExe"="c:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"NwCplMonitor"="C:\\Windows\\system32\\redistributor.exe"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonce]
"wXsX56B0n"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex]
"flags"=dword:00000008

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\runonceex\000]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoActiveDesktopChanges"=dword:00000000

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer\run]

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\0]
"Source"="C:\\Program Files\\microsoft frontpage\\kybevira.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,e8,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\1]
"Source"="C:\\Program Files\\MSN Gaming Zone\\hoxy.html"
"SubscribedURL"=""
"FriendlyName"=""
"Flags"=dword:00002000
"Position"=hex:2c,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,00,00,ea,\
03,00,00,00,00,00,00,00,00,00,00,00,00,00,00,14,00,00,00,14,00,00,00
"CurrentState"=hex:01,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,64,00,00,00,64,00,00,00,58,02,00,00,c8,00,\
00,00,01,00,00,00
"RestoredStateInfo"=hex:00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,00,\
00,00,00,00,00,00

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components\2]
"Source"="About:Home"
"SubscribedURL"="About:Home"
"FriendlyName"="My Current Home Page"
"Flags"=dword:00000002
"Position"=hex:2c,00,00,00,c5,00,00,00,00,00,00,00,14,03,00,00,00,03,00,00,00,\
00,00,00,01,00,00,00,01,00,00,00,01,00,00,00,00,00,00,00,00,00,00,00
"CurrentState"=hex:04,00,00,40
"OriginalStateInfo"=hex:18,00,00,00,ff,ff,00,00,ff,ff,00,00,ff,ff,ff,ff,ff,ff,\
ff,ff,04,00,00,00
"RestoredStateInfo"=hex:18,00,00,00,6a,02,00,00,23,00,00,00,a4,00,00,00,9a,00,\
00,00,01,00,00,00

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"
"{AC1B4DA2-12FA-31F2-1A7D-CD2B14E6AD4E}"="USB Mouse Driver"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^ilwmf.exe]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ilwmf.exe"
"backup"="C:\\Windows\\pss\\ilwmf.exeCommon Startup"
"location"="Common Startup"
"command"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\ilwmf.exe"
"item"="ilwmf"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^m-trip Launcher.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\m-trip Launcher.lnk"
"backup"="C:\\Windows\\pss\\m-trip Launcher.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\OLYMPUS\\m-trip\\Bin\\M-TRIP~1.EXE "
"item"="m-trip Launcher"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\A Verizon App]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VERIZO~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\VERIZO~1.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ACTX1]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="v1201"
"hkey"="HKLM"
"command"="C:\\Windows\\v1201.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\bvh9f801]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RUNDLL32"
"hkey"="HKLM"
"command"="RUNDLL32.EXE w41e893e.dll,n 0029f7ff0000000341e893e"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\CPQEASYACC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="StartEAK"
"hkey"="HKLM"
"command"="C:\\Program Files\\COMPAQ\\Easy Access Button Support\\StartEAK.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="dfndrff_7"
"hkey"="HKLM"
"command"="C:\\\\dfndrff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\EM_EXEC]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="EM_EXEC"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Logitech\\MOUSEW~1\\SYSTEM\\EM_EXEC.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\k6mmN5IOU]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="wfxqhv"
"hkey"="HKLM"
"command"="\"C:\\Windows\\system32\\wfxqhv.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\keyboard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="kybrdff_7"
"hkey"="HKLM"
"command"="C:\\\\kybrdff_7.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\lrvfa]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qellyq"
"hkey"="HKCU"
"command"="C:\\Windows\\system32\\qellyq.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCAgentExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcagent"
"hkey"="HKLM"
"command"="c:\\PROGRA~1\\mcafee.com\\agent\\mcagent.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MCUpdateExe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mcupdate"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\mcafee.com\\agent\\mcupdate.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Motive SmartBridge]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MotiveSB"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\VERIZO~1\\HELPSU~1\\SMARTB~1\\MotiveSB.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\mzqk]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="mzqkm"
"hkey"="HKCU"
"command"="C:\\PROGRA~1\\COMMON~1\\mzqk\\mzqkm.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\olorlpjA]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="olorlpjA"
"hkey"="HKLM"
"command"="C:\\Windows\\olorlpjA.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PSLister]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PSLister"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\PSLister\\PSLister.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pupdyo]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qellyq"
"hkey"="HKLM"
"command"="C:\\Windows\\system32\\qellyq.exe reg_run"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Smapp]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Smtray"
"hkey"="HKLM"
"command"="; C:\\Program Files\\Analog Devices\\SoundMAX\\Smtray.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SpybotSnD]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SpybotSD"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Spybot - Search & Destroy\\SpybotSD.exe\" /autocheck /autofix"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SunJavaUpdateSched]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="jusched"
"hkey"="HKLM"
"command"="C:\\Program Files\\Java\\jre1.5.0_06\\bin\\jusched.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKCU"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys0256199451-2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys0256199451-2"
"hkey"="HKLM"
"command"="C:\\Windows\\sys0256199451-2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\TheMonitor]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SYSC00"
"hkey"="HKLM"
"command"="C:\\Windows\\SYSC00.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\VerizonServicepoint.exe]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="VerizonServicepoint"
"hkey"="HKLM"
"command"="C:\\Program Files\\Verizon\\Servicepoint\\VerizonServicepoint.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\ViewMgr]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ViewMgr"
"hkey"="HKLM"
"command"="C:\\Program Files\\Viewpoint\\Viewpoint Manager\\ViewMgr.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\webHancer Survey Companion]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="whSurvey"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\webHancer\\Programs\\whSurvey.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xload"
"hkey"="HKLM"
"command"="\"C:\\Windows\\xload.exe\""
"inimapping"="0"

HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\system
DisableTaskMgr REG_DWORD 0 (0x0)
NoDispAppearancePage REG_DWORD 0 (0x0)
NoColorChoice REG_DWORD 0 (0x0)
NoSizeChoice REG_DWORD 0 (0x0)
NoDispBackgroundPage REG_DWORD 0 (0x0)
NoDispScrSavPage REG_DWORD 0 (0x0)
NoDispCPL REG_DWORD 0 (0x0)
NoVisualStyleChoice REG_DWORD 0 (0x0)
NoDispSettingsPage REG_DWORD 0 (0x0)



Contents of the 'Scheduled Tasks' folder
C:\Windows\tasks\Spybot - Search & Destroy - Scheduled Task.job

Completion time: Tue 2006 Aug 08 5:12:42.95
ComboFix ver 06.07.15/28 - This logfile is located at C:\ComboFix.txt

#4 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:37 AM

Posted 08 August 2006 - 06:20 AM

You've got a badly infected computer there my friend. :thumbsup:
It's nothing that we can't get cleaned up for you in a few steps though.



Please download Look2Me-Destroyer.exe to your desktop.
  • Close all windows before continuing.
  • Double-click Look2Me-Destroyer.exe to run it.
  • Put a check next to Run this program as a task.
  • You will receive a message saying Look2Me-Destroyer will close and re-open in approximately 10 seconds. Click OK
  • When Look2Me-Destroyer re-opens, click the Scan for L2M button, your desktop icons will disappear, this is normal.
  • Once it's done scanning, click the Remove L2M button.
  • You will receive a Done Scanning message, click OK.
  • When completed, you will receive this message: Done removing infected files! Look2Me-Destroyer will now shutdown your computer, click OK.
  • Your computer will then shutdown.
  • Turn your computer back on.
  • Please post the contents of C:\Look2Me-Destroyer.txt and a new HiJackThis log.
If you receive a message from your firewall about this program accessing the internet please allow it.

If you receive a runtime error '339' please download MSWINSCK.OCX from the link below and place it in your C:\Windows\System32 Directory.
http://www.ascentive.com/support/new/images/lib/MSWINSCK.OCX



=================


Please run msconfig and enable all startup items.
Then reboot your computer. Startup will be slow and you may get errors on startup. Don't be concerned. We will fix that in a later step.


=================


Before we begin manual deletions, let's run a very good anti-spyware program and see what it can get rid of for us.


Please download Ewido Anti-spyware and save that file to your desktop.
This is a 30 day trial of the program
  • Once you have downloaded ewido anti-spyware, locate the icon on the desktop and double-click it to launch the set up program.
  • Once the setup is complete you will need to run Ewido and update the definition files.
  • On the main screen select the icon "Update" then select the "Update now" link.
    • Next select the "Start Update" button, the update will start and a progress bar will show the updates being installed.
  • Once the update has completed select the "Scanner" icon at the top of the screen, then select the "Settings" tab.
  • Once in the Settings screen click on "Recommended actions" and then select "Quarantine".
  • Under "Reports"
    • Select "Automatically generate report after every scan"
    • Un-Select "Only if threats were found"
Close Ewido anti-spyware, Do Not run a scan just yet, we will shortly.
  • Reboot your computer into SafeMode. You can do this by restarting your computer and continually tapping the F8 key until a menu appears. Use your up arrow key to highlight SafeMode then hit enter.
  • Clean out your Temporary Internet files
    • Quit Internet Explorer and quit any instances of Windows Explorer.
    • Click Start -> Control Panel and then double-click Internet Options.
    • On the General tab, click Delete Files under Temporary Internet Files.
    • In the Delete Files dialog box, tick the Delete all offline content check box , and then click OK.
    • On the General tab, click Delete Cookies under Temporary Internet Files, and then click OK.
    • Click on the Programs tab then click the Reset Web Settings button. Click Apply then OK.
    • Click OK.
    IMPORTANT: Close all windows and do not open any other windows or programs while Ewido is scanning, it may interfere with the scanning process:

  • Launch Ewido-anti-spyware by double-clicking the icon on your desktop.
  • Select the "Scanner" icon at the top and then the "Scan" tab then click on "Complete System Scan".
  • Ewido will now begin the scanning process, be patient this may take a little time.
    Once the scan is complete do the following:
  • If you have any infections you will be prompted, then select "Apply all actions"
  • Next select the "Reports" icon at the top.
  • Select the "Save report as" button in the lower left hand of the screen and save it to a text file on your system (make sure to remember where you saved that file, this is important).
  • Close Ewido and reboot your system back into Normal Mode and post the results of the Ewido scan report along with a new Hijackthis log.
===============


In your next reply you will likely have to break it up into separate posts. These are the logs I will need to see from you.

Look2Me-Destroyer log
Ewido log
New Hijackthis log(only from after Ewido scan)
New Combofix log(only from after Ewido scan)

If I have helped you in any way, please consider a donation to help me continue the fight against malware.


Failing to respond back to the person that is giving up their own time to help you not only is insensitive and disrespectful, but it guarantees that you will never receive help from me again. Please thank your helpers and there will always be help here when you need it!


========================================================
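The ComboFix dump earlier in the thread and the "run msconfig and enable all startup items" step above are two sides of the same registry key. On Windows XP, unticking an item in msconfig does not delete it: the Run value is moved under HKLM\SOFTWARE\Microsoft\Shared Tools\MSConfig\startupreg\<name> with the key/item/hkey/command/inimapping fields shown in the log, and re-enabling it writes the value back to its original Run key. The following is an added example, not code from the thread or from any of the tools mentioned in it. It parses a Regedit-style startupreg export (a constructed sample modelled on the log, not the poster's full log), flags entries that look like the ones in this thread (a bare executable dropped straight into C:\Windows, or a random-looking digit-heavy name), and emits the `reg add` command that msconfig's "enable" would be equivalent to for registry-mapped entries (inimapping 0). The two heuristics are illustrative triage rules, not a verdict on any file.

```python
import re
from typing import Dict, List

# Constructed sample in Regedit export format, modelled on the ComboFix dump
# in this thread (assumption: not the poster's complete log).
SAMPLE_DUMP = r'''
[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SurfSideKick 3]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="Ssk"
"hkey"="HKCU"
"command"="C:\\Program Files\\SurfSideKick 3\\Ssk.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\sys0256199451-2]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="sys0256199451-2"
"hkey"="HKLM"
"command"="C:\\Windows\\sys0256199451-2.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Windows Defender]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="MSASCui"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Windows Defender\\MSASCui.exe\" -hide"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\xload]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="xload"
"hkey"="HKLM"
"command"="\"C:\\Windows\\xload.exe\""
"inimapping"="0"
'''

SECTION_RE = re.compile(r'^\[(.+)\]$')
VALUE_RE = re.compile(r'^"([^"]+)"="(.*)"$')
HIVES = {'HKLM': 'HKEY_LOCAL_MACHINE', 'HKCU': 'HKEY_CURRENT_USER'}


def unescape(value: str) -> str:
    """Regedit exports escape backslash and double quote with a backslash."""
    return re.sub(r'\\(.)', r'\1', value)


def parse_startupreg(dump: str) -> List[Dict[str, str]]:
    """Return one dict per msconfig startupreg section (disabled startup item)."""
    entries: List[Dict[str, str]] = []
    current = None
    for raw in dump.splitlines():
        line = raw.strip()
        sec = SECTION_RE.match(line)
        if sec:
            path = sec.group(1)
            if '\\msconfig\\startupreg\\' in path.lower():
                current = {'name': path.rsplit('\\', 1)[1]}
                entries.append(current)
            else:
                current = None  # some other exported key, ignore its values
            continue
        val = VALUE_RE.match(line)
        if val and current is not None:
            current[val.group(1)] = unescape(val.group(2))
    return entries


def image_path(command: str) -> str:
    """Extract the executable from a Run-key command line.

    Quoted paths are taken up to the closing quote; for unquoted paths with
    spaces (ambiguous on Windows) the first token ending in .exe is used.
    """
    command = command.strip()
    if command.startswith('"'):
        end = command.find('"', 1)
        return command[1:end] if end > 0 else command[1:]
    m = re.match(r'(.*?\.exe)', command, re.IGNORECASE)
    return m.group(1) if m else command.split(' ', 1)[0]


def suspicious_reasons(entry: Dict[str, str]) -> List[str]:
    """Illustrative triage heuristics, not a malware verdict."""
    path = image_path(entry.get('command', '')).replace('/', '\\')
    parent, _, base = path.rpartition('\\')
    reasons = []
    if re.fullmatch(r'[a-z]:\\windows', parent.lower()):
        reasons.append('executable dropped directly in the Windows directory')
    if re.search(r'\d{6,}', base):
        reasons.append('long digit run in file name (random-looking)')
    return reasons


def restore_command(entry: Dict[str, str]) -> str:
    """reg.exe line equivalent to re-ticking the item in msconfig (inimapping 0 only)."""
    if entry.get('inimapping', '0') != '0':
        raise ValueError('win.ini-mapped items are not handled in this example')
    hive = HIVES[entry['hkey']]
    data = entry['command'].replace('"', '\\"')  # CRT argv parsing accepts \" for a literal quote
    return f'reg add "{hive}\\{entry["key"]}" /v "{entry["item"]}" /t REG_SZ /d "{data}" /f'


def triage(dump: str) -> List[Dict[str, object]]:
    return [{'name': e['name'], 'reasons': suspicious_reasons(e),
             'restore': restore_command(e)} for e in parse_startupreg(dump)]


if __name__ == '__main__':
    for row in triage(SAMPLE_DUMP):
        flag = 'SUSPECT' if row['reasons'] else 'ok     '
        print(flag, row['name'], '; '.join(row['reasons']))
        print('   ', row['restore'])
```

Run against the sample, the two C:\Windows drop-ins (sys0256199451-2 and xload) are flagged while Windows Defender and SurfSideKick are not, which is the point of the heuristics: they surface odd placement and odd names, and an item like Ssk.exe still needs the name-based research the helpers on this forum do. The printed `reg add` lines are what "enable all startup items" amounts to for these entries; they are shown for understanding, and on a live machine msconfig itself is the sane way to do it.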

#5 Buckeye_Sam

Buckeye_Sam

    Malware Expert


  • Members
  • 17,382 posts
  • OFFLINE
  • Gender:Male
  • Location:Pickerington, Ohio
  • Local time:11:37 AM

Posted 23 August 2006 - 07:46 AM

This topic has been closed due to a lack of response. If you need this topic reopened, please contact a member of the HJT Team and we will reopen it for you. Include the address of this thread in your request.


========================================================
