Got Rid Of Vundo, But Something Still Remains


24 replies to this topic

#1 Ebola0001

Posted 20 June 2007 - 07:54 PM

Hey guys, I got whacked by a drive-by download on the night of the 17th

all kinds of nastiness broke loose

after fighting it back, winning small battles, I had it down to one piece, an "Adware.Virtumonde"

that was being rather unremovable.

however I found "VundoFix" through this board and that cleared that up.

HOWEVER now there is still something left that is opening IE sites in the background "Invisibly", directing it to various malicious sites (that are now blocked and harmless.)

also it goes to tvtopbytes and plays audio over my speakers, which is particularly annoying.


ANYWAY here is the HijackThis log... hopefully you can point me to something I missed :)


Logfile of HijackThis v1.99.1
Scan saved at 7:22:37 PM, on 6/20/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
C:\WINDOWS\explorer.exe
C:\Documents and Settings\Joseph Woodrell\Desktop\desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} (CKAVWebScan Object) - http://www.kaspersky.com/kos/eng/partner/d...can_unicode.cab
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\evjikxqc.exe (file missing)
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
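
Added example, not part of the original post or of any tool named in this thread: a small Python triage of a HijackThis v1.99.1 log in the layout shown above. It parses the O23 service lines, flags entries reported as "Unknown owner" or "(file missing)", and checks each against the "Running processes" list. The sample lines are excerpted from the log above; the function and flag names are this example's own.

```python
import re
from dataclasses import dataclass

# Excerpt of the log posted above (same line layout, fewer entries).
SAMPLE_LOG = r"""
Logfile of HijackThis v1.99.1
Platform: Windows XP SP2 (WinNT 5.01.2600)

Running processes:
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\runservice.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe

O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: DomainService - Unknown owner - C:\WINDOWS\system32\evjikxqc.exe (file missing)
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
"""

# "<code> - <body>", e.g. "O23 - Service: ..."
ENTRY_RE = re.compile(r"^(?P<code>[A-Z]\d{1,2}) - (?P<body>.+)$")

# "Service: <name> - <owner> - <path>[ (file missing)]".
# The path is anchored on a drive letter so that " - " inside a name or a
# path (e.g. "Spybot - Search & Destroy") does not split the fields wrongly.
SERVICE_RE = re.compile(
    r"^Service: (?P<name>.+) - (?P<owner>.+?) - "
    r"(?P<path>[A-Za-z]:\\.*?)(?P<missing> \(file missing\))?$"
)


@dataclass
class Service:
    name: str
    owner: str
    path: str
    file_missing: bool
    running: bool

    @property
    def flags(self):
        out = []
        if self.owner.lower() == "unknown owner":
            out.append("unknown-owner")   # log reports no vendor name
        if self.file_missing:
            out.append("file-missing")    # registered, binary not on disk
        if self.running:
            out.append("running")         # binary is in the process list
        return out


def parse_hijackthis(text):
    """Return (set of lower-cased process paths, list of (code, body))."""
    processes, entries = set(), []
    in_processes = False
    for raw in text.splitlines():
        line = raw.strip()
        if line == "Running processes:":
            in_processes = True
            continue
        entry = ENTRY_RE.match(line)
        if in_processes and line and not entry:
            processes.add(line.lower())
            continue
        in_processes = False  # a blank line or the first entry ends the list
        if entry:
            entries.append((entry["code"], entry["body"]))
    return processes, entries


def services(text):
    """Parse every O23 line into a Service record."""
    processes, entries = parse_hijackthis(text)
    found = []
    for code, body in entries:
        m = SERVICE_RE.match(body) if code == "O23" else None
        if not m:
            continue
        path = m["path"]
        # Paths are compared as written; 8.3 short names (PROGRA~1) are not expanded.
        found.append(Service(m["name"], m["owner"], path,
                             m["missing"] is not None,
                             path.lower() in processes))
    return found


def triage(text):
    """Services to review by hand: no vendor name, or binary absent."""
    return [s for s in services(text)
            if "unknown-owner" in s.flags or "file-missing" in s.flags]


if __name__ == "__main__":
    for svc in triage(SAMPLE_LOG):
        print(f"{svc.name}: {', '.join(svc.flags)} -> {svc.path}")
```

A flag here only marks an entry for a closer look; it says nothing about whether the service is unwanted.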

#2 sjpritch25

Posted 20 June 2007 - 07:59 PM

Welcome to BC :thumbsup:

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Microsoft MVP Consumer Security--2007-2010

#3 Ebola0001

Posted 20 June 2007 - 08:28 PM

maybe I'm missing something with combo fix, but when I run it it comes up with 2 or 3 blue and white text boxes (look like dos windows)


then those go away and nothing, no text files no prompts, nothing. :thumbsup:

I downloaded it straight onto my desktop.

It did add a folder to my C: drive called combofix with a lot of various stuff in it but no text file there either

#4 sjpritch25

Posted 20 June 2007 - 08:51 PM

Try running it in Safe Mode
Microsoft MVP Consumer Security--2007-2010

#5 Ebola0001

Posted 20 June 2007 - 09:02 PM

nope same results in safe mode.

the first window that pops up is titled "combofix.exe"
the second window is titled "."

both say "please wait..." in white letters on a blue background

then the second window closes and nothing... still no log file

#6 sjpritch25

Posted 20 June 2007 - 10:56 PM

  • Download the file UnHookExec.inf and save it to your Windows desktop.

    Note: The tool has a .inf file extension.
  • Locate the downloaded file on the Windows desktop.
  • Right-click the UnHookExec.inf file and click install. (This is a small file. It does not display any notice or boxes when you run it.)
Then try Combofix.exe again
Microsoft MVP Consumer Security--2007-2010

#7 Ebola0001

Posted 21 June 2007 - 05:30 PM

no change, same two windows..

running it several times I saw that it actually flashes a fault message before the window closes...

ran it a lot more times, seeing a few more letters in the message before it closed. (I have fast vision)

anyway what it is saying is that i cannot find "CF_anti-viking.bat".

hope this helps

#8 Ebola0001

Posted 21 June 2007 - 10:30 PM

Ok, so after some more hunting and scanning, I downloaded SuperAntiSpyware and let it run. It found the "ads.k8l.info" that was opening stuff in the background as well as a few others lurking in various files but inactive.

now running SuperAntiSpyware, AVG, & Adaware all come up with nothing detected. what else can I scan with to make sure all of this scum is removed from my life?

thanks again for all the help guys

SUPERAntiSpyware Log. of what it found and fixed

SUPERAntiSpyware Scan Log
http://www.superantispyware.com

Generated 06/21/2007 at 06:53 PM

Application Version : 3.8.1002

Core Rules Database Version : 3259
Trace Rules Database Version: 1270

Scan type : Quick Scan
Total Scan Time : 00:59:21

Memory items scanned : 455
Memory threats detected : 0
Registry items scanned : 821
Registry threats detected : 12
File items scanned : 72396
File threats detected : 164

Adware.k8l
C:\PROGRAM FILES\ONLINE SERVICES\PROFSYDYB.HTML
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#Source
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#SubscribedURL
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#FriendlyName
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#Flags
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#Position
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#CurrentState
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#OriginalStateInfo
HKU\S-1-5-21-839522115-2052111302-682003330-1003\Software\Microsoft\Internet Explorer\Desktop\Components\0#RestoredStateInfo

Adware.Tracking Cookie

Trojan.Downloader-Gen/DriverM
HKCR\CLSID\{B426F491-094C-43D4-8F16-ED4AE190032D}
HKCR\CLSID\{B426F491-094C-43D4-8F16-ED4AE190032D}\InprocServer32
HKCR\CLSID\{B426F491-094C-43D4-8F16-ED4AE190032D}\InprocServer32#ThreadingModel

Unclassified.Unknown Origin
C:\DOCUMENTS AND SETTINGS\JOSEPH WOODRELL\DESKTOP\DESKTOP\RECOVERED2\[NTFS]\DOCUMENTS AND SETTINGS\WPM\LOCAL SETTINGS\APPLICATION DATA\MICROSOFT\WINDOWS\USRCLASS.DAT
C:\DOCUMENTS AND SETTINGS\JOSEPH WOODRELL\DESKTOP\DESKTOP\RECOVERED2\[NTFS]\PROGRAM FILES\ATI MULTIMEDIA\TV\ATICCDB.AX
C:\DOCUMENTS AND SETTINGS\JOSEPH WOODRELL\DESKTOP\DESKTOP\RECOVERED2\[NTFS]\PROGRAM FILES\DELL\QUICKSET\DADKEYB.DLL
C:\DOCUMENTS AND SETTINGS\JOSEPH WOODRELL\DESKTOP\DESKTOP\RECOVERED2\[NTFS]\PROGRAM FILES\GEMSTAR\GUIDE PLUS+™\ATI\EPGUPDATE.EXE
C:\DOCUMENTS AND SETTINGS\JOSEPH WOODRELL\DESKTOP\DESKTOP\RECOVERED2\[NTFS]\PROGRAM FILES\ROCKWELL SOFTWARE\RSLINX\DNWHODISP.EXE
C:\DOCUMENTS AND SETTINGS\JOSEPH WOODRELL\DESKTOP\DESKTOP\RECOVERED2\[NTFS]\[000011]\MSDAOSP.DLL

Adware.SurfSideKick
C:\DOCUMENTS AND SETTINGS\JOSEPH WOODRELL\DESKTOP\DESKTOP\RECOVERED2\[NTFS]\DOCUMENTS AND SETTINGS\WPM\LOCAL SETTINGS\TEMP\SSKUPDATER3.EXE

Edited by Ebola0001, 21 June 2007 - 11:21 PM.


#9 sjpritch25

Posted 22 June 2007 - 02:01 PM

Okay, I spoke with the developer. Please delete ComboFix.exe from your Desktop; we need to download a fresh copy.

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe


Note: It is important that it is saved directly to your desktop

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall
Microsoft MVP Consumer Security--2007-2010

#10 Ebola0001

Posted 22 June 2007 - 03:39 PM

well the new version of combofix only opens one window titled "." I can't see any fault messages, it just says please wait then closes.

here is what HijackThis sees

Logfile of HijackThis v1.99.1
Scan saved at 3:38:08 PM, on 6/22/2007
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v6.00 SP2 (6.00.2900.2180)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\spoolsv.exe
C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\WINDOWS\system32\drivers\CDAC11BA.EXE
C:\WINDOWS\runservice.exe
C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
c:\program files\common files\mcafee\mna\mcnasvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
C:\Program Files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE
C:\Program Files\McAfee\MPF\MPFSrv.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\Rockwell\RNADiagReceiver.exe
C:\WINDOWS\system32\wuauclt.exe
C:\WINDOWS\Explorer.EXE
C:\WINDOWS\system32\ctfmon.exe
C:\Program Files\Rockwell Software\RSView Enterprise\RsActivityLogServ.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\wscntfy.exe
C:\PROGRA~1\mcafee\VIRUSS~1\mcvsshld.exe
C:\PROGRA~1\mcafee\msc\mcuimgr.exe
C:\Program Files\internet explorer\iexplore.exe
C:\Documents and Settings\Joseph Woodrell\Desktop\desktop\HijackThis.exe

R0 - HKCU\Software\Microsoft\Internet Explorer\Main,Start Page = http://search.yahoo.com/
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: scriptproxy - {7DB2D5A0-7241-4E79-B68D-6309F01C5231} - c:\PROGRA~1\mcafee\VIRUSS~1\scriptcl.dll
O2 - BHO: AcroIEToolbarHelper Class - {AE7CD045-E861-484f-8273-0445EE161910} - C:\Program Files\Adobe\Acrobat 6.0\Acrobat\AcroIEFavClient.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [SpybotSD TeaTimer] C:\Program Files\Spybot - Search & Destroy\TeaTimer.exe
O4 - HKCU\..\Run: [SUPERAntiSpyware] C:\Program Files\SUPERAntiSpyware\SUPERAntiSpyware.exe
O16 - DPF: {0EB0E74A-2A76-4AB3-A7FB-9BD8C29F7F75} -
O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll
O23 - Service: Ad-Aware 2007 Service (aawservice) - Lavasoft AB - C:\Program Files\Lavasoft\Ad-Aware 2007\aawservice.exe
O23 - Service: AVG Anti-Spyware Guard - GRISOFT s.r.o. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: BrSplService (Brother XP spl Service) - Unknown owner - C:\WINDOWS\system32\brsvc01a.exe (file missing)
O23 - Service: C-DillaCdaC11BA - Macrovision - C:\WINDOWS\system32\drivers\CDAC11BA.EXE
O23 - Service: McAfee E-mail Proxy (Emproxy) - McAfee, Inc. - C:\PROGRA~1\COMMON~1\McAfee\EmProxy\emproxy.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: iPod Service - Apple Inc. - C:\Program Files\iPod\bin\iPodService.exe
O23 - Service: LicCtrl Service (LicCtrlService) - Unknown owner - C:\WINDOWS\runservice.exe
O23 - Service: McAfee HackerWatch Service - McAfee, Inc. - C:\Program Files\Common Files\McAfee\HackerWatch\HWAPI.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Services (mcmscsvc) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcmscsvc.exe
O23 - Service: McAfee Network Agent (McNASvc) - McAfee, Inc. - c:\program files\common files\mcafee\mna\mcnasvc.exe
O23 - Service: McAfee Scanner (McODS) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcods.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee Redirector Service (McRedirector) - McAfee, Inc. - c:\PROGRA~1\COMMON~1\mcafee\redirsvc\redirsvc.exe
O23 - Service: McAfee Real-time Scanner (McShield) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcshield.exe
O23 - Service: McAfee SystemGuards (McSysmon) - McAfee, Inc. - C:\PROGRA~1\McAfee\VIRUSS~1\mcsysmon.exe
O23 - Service: McAfee Personal Firewall Service (MpfService) - McAfee, Inc. - C:\Program Files\McAfee\MPF\MPFSrv.exe
O23 - Service: Intel NCS NetService (NetSvc) - Intel® Corporation - C:\Program Files\Intel\PROSetWired\NCS\Sync\NetSvc.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe

#11 sjpritch25


Posted 23 June 2007 - 05:22 PM

Okay, I spoke with the developer of combofix again, and it looks like you may have a new variant. Please delete ComboFix.exe from your desktop.

Download Combofix and save it to your desktop.
http://download.bleepingcomputer.com/sUBs/Beta/ComboFix.exe


Note: It is important that it is saved directly to your desktop.

Close any open browsers.

Double click on combofix.exe & follow the prompts.
When finished, it shall produce a log for you.

Post the ComboFix.txt and a fresh Hijackthis log in your next reply.

Note:
Do not mouseclick combofix's window whilst it's running. That may cause it to stall.
Microsoft MVP Consumer Security--2007-2010

#12 Ebola0001


Posted 23 June 2007 - 08:26 PM

OK, so I figured out a way to keep it from closing so I could screenshot the fault message :thumbsup:

Posted Image

#13 sjpritch25


Posted 23 June 2007 - 10:13 PM

Could you try running it again in Safe Mode?
Microsoft MVP Consumer Security--2007-2010

#14 Ebola0001


Posted 23 June 2007 - 10:43 PM

No difference.

Actually, it was in Safe Mode, where it runs slower, that I saw that it was putting an error up.

So I ran it under a DOS prompt window to keep it up after it faulted, to screenshot it.

Edited by Ebola0001, 23 June 2007 - 10:44 PM.


#15 sjpritch25


Posted 24 June 2007 - 07:04 AM

Please download Deckard's System Scanner and save it to your Desktop.
  • Close all other windows before proceeding.
  • Double-click on the dss.exe file on your Desktop and follow the prompts.
  • Scans will run, and 2 text files will open in Notepad.
  • In your next reply, please attach both of those logs.

Edited by sjpritch25, 24 June 2007 - 07:23 AM.

Microsoft MVP Consumer Security--2007-2010
