Posts posted by mystic

  1. Here are a couple of logs

    Logfile of Trend Micro HijackThis v2.0.2

    Scan saved at 11:08:59 AM, on 3/23/2009

    Platform: Windows XP SP3 (WinNT 5.01.2600)

    MSIE: Internet Explorer v6.00 SP3 (6.00.2900.5512)

    Boot mode: Normal

    Running processes:

    C:\WINDOWS\System32\smss.exe

    C:\WINDOWS\system32\winlogon.exe

    C:\WINDOWS\system32\services.exe

    C:\WINDOWS\system32\lsass.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\System32\svchost.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\system32\spoolsv.exe

    C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    C:\WINDOWS\system32\CTsvcCDA.exe

    C:\WINDOWS\system32\pctspk.exe

    C:\WINDOWS\System32\svchost.exe

    C:\PROGRA~1\AVG\AVG8\avgemc.exe

    C:\PROGRA~1\AVG\AVG8\avgrsx.exe

    C:\PROGRA~1\AVG\AVG8\avgnsx.exe

    C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

    C:\WINDOWS\system32\SearchIndexer.exe

    C:\Program Files\AVG\AVG8\avgcsrvx.exe

    C:\WINDOWS\system32\svchost.exe

    C:\WINDOWS\Explorer.EXE

    C:\WINDOWS\System32\hkcmd.exe

    C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

    C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    C:\PROGRA~1\AVG\AVG8\avgtray.exe

    C:\WINDOWS\System32\igfxtray.exe

    C:\Program Files\QuickTime\qttask.exe

    C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe

    C:\Palm\hotsync.exe

    C:\Program Files\Napster\napster.exe

    C:\PROGRA~1\Yahoo!\MESSEN~1\ymsgr_tray.exe

    C:\Program Files\Internet Explorer\IEXPLORE.EXE

    C:\Program Files\Outlook Express\msimn.exe

    C:\WINDOWS\system32\SearchProtocolHost.exe

    C:\Program Files\Trend Micro\HijackThis\HijackThis.exe

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://start.earthlink.net

    R1 - HKCU\Software\Microsoft\Internet Explorer\Main,Default_Search_URL = http://www.earthlink.net/partner/more/msie...ton/search.html

    R1 - HKLM\Software\Microsoft\Internet Explorer\Main,Default_Page_URL = http://www.yahoo.com

    R0 - HKLM\Software\Microsoft\Internet Explorer\Main,Start Page = http://www.yahoo.com

    R1 - HKCU\Software\Microsoft\Windows\CurrentVersion\Internet Settings,ProxyServer = :0

    R3 - URLSearchHook: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: &Yahoo! Toolbar Helper - {02478D38-C3F9-4efb-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O2 - BHO: WormRadar.com IESiteBlocker.NavFilter - {3CA2F312-6F6E-4B53-A66E-4E65E497C8C0} - C:\Program Files\AVG\AVG8\avgssie.dll

    O2 - BHO: Spybot-S&D IE Protection - {53707962-6F74-2D53-2644-206D7942484F} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O3 - Toolbar: Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll

    O4 - HKLM\..\Run: [HotKeysCmds] C:\WINDOWS\System32\hkcmd.exe

    O4 - HKLM\..\Run: [iMONTRAY] C:\Program Files\Intel\Intel® Active Monitor\imontray.exe

    O4 - HKLM\..\Run: [CTCheck] C:\Program Files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe

    O4 - HKLM\..\Run: [AVG8_TRAY] C:\PROGRA~1\AVG\AVG8\avgtray.exe

    O4 - HKLM\..\Run: [igfxTray] C:\WINDOWS\System32\igfxtray.exe

    O4 - HKLM\..\Run: [QuickTime Task] "C:\Program Files\QuickTime\qttask.exe" -atboottime

    O4 - HKCU\..\Run: [CTSyncU.exe] "C:\Program Files\Creative\Sync Manager Unicode\CTSyncU.exe"

    O4 - HKCU\..\Run: [Messenger (Yahoo!)] "C:\PROGRA~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" -quiet

    O4 - HKUS\S-1-5-18\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'SYSTEM')

    O4 - HKUS\.DEFAULT\..\Run: [ALUAlert] C:\Program Files\Symantec\LiveUpdate\ALUNotify.exe (User 'Default user')

    O4 - Global Startup: AutorunsDisabled

    O4 - Global Startup: HotSync Manager.lnk = C:\Palm\hotsync.exe

    O6 - HKCU\Software\Policies\Microsoft\Internet Explorer\Control Panel present

    O9 - Extra button: (no name) - {53F6FCCD-9E22-4d71-86EA-6E43136192AB} - (no file)

    O9 - Extra button: (no name) - {925DAB62-F9AC-4221-806A-057BFB1014AA} - (no file)

    O9 - Extra button: (no name) - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra 'Tools' menuitem: Spybot - Search && Destroy Configuration - {DFB852A3-47F8-48C4-A200-58CAB36FD2A2} - C:\Program Files\Spybot - Search & Destroy\SDHelper.dll

    O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - C:\WINDOWS\Network Diagnostic\xpnetdiag.exe

    O9 - Extra button: Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O9 - Extra 'Tools' menuitem: Windows Messenger - {FB5F1910-F110-11d2-BB9E-00C04F795683} - C:\Program Files\Messenger\msmsgs.exe

    O12 - Plugin for .spop: C:\Program Files\Internet Explorer\Plugins\NPDocBox.dll

    O15 - Trusted Zone: http://onecare.live.com

    O16 - DPF: {5ED80217-570B-4DA9-BF44-BE107C0EC166} (Windows Live Safety Center Base Module) - http://cdn.scan.onecare.live.com/resource/...lscbase5483.cab

    O16 - DPF: {6414512B-B978-451D-A0D8-FCFDF33E833C} (WUWebControl Class) - http://www.update.microsoft.com/windowsupd...b?1232334420343

    O16 - DPF: {D4323BF2-006A-4440-A2F5-27E3E7AB25F8} (Virtools WebPlayer Class) - http://a532.g.akamai.net/f/532/6712/5m/vir...l/installer.exe

    O18 - Protocol: linkscanner - {F274614C-63F8-47D5-A4D1-FBDDE494F8D1} - C:\Program Files\AVG\AVG8\avgpp.dll

    O20 - Winlogon Notify: !SASWinLogon - C:\Program Files\SUPERAntiSpyware\SASWINLO.dll

    O20 - Winlogon Notify: avgrsstarter - C:\WINDOWS\SYSTEM32\avgrsstx.dll

    O23 - Service: AVG8 E-mail Scanner (avg8emc) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgemc.exe

    O23 - Service: AVG8 WatchDog (avg8wd) - AVG Technologies CZ, s.r.o. - C:\PROGRA~1\AVG\AVG8\avgwdsvc.exe

    O23 - Service: Creative Service for CDROM Access - Creative Technology Ltd - C:\WINDOWS\system32\CTsvcCDA.exe

    O23 - Service: Intel® Active Monitor (imonNT) - Intel Corp. - C:\Program Files\Intel\Intel® Active Monitor\imonnt.exe

    O23 - Service: PCTEL Speaker Phone (Pctspk) - PCtel, Inc. - C:\WINDOWS\system32\pctspk.exe

    --

    End of file - 6201 bytes

    ComboFix 09-03-22.01 - Owner 2009-03-23 21:27:30.1 - NTFSx86

    Microsoft Windows XP Home Edition 5.1.2600.3.1252.1.1033.18.510.243 [GMT -4:00]

    Running from: c:\documents and settings\Owner\Desktop\ComboFix.exe

    AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated)

    * Created a new restore point

    WARNING -THIS MACHINE DOES NOT HAVE THE RECOVERY CONSOLE INSTALLED !!

    .

    ((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

    .

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr0.dat

    c:\documents and settings\All Users\Application Data\Microsoft\Network\Downloader\qmgr1.dat

    c:\documents and settings\Owner\Application Data\IUpd721

    c:\documents and settings\Owner\Application Data\IUpd721\Logs\scns.log

    c:\windows\IE4 Error Log.txt

    ----- BITS: Possible infected sites -----

    hxxp://bgbtorlopos.com

    .

    ((((((((((((((((((((((((( Files Created from 2009-02-24 to 2009-03-24 )))))))))))))))))))))))))))))))

    .

    2009-03-23 21:20 . 2009-03-23 21:26 <DIR> d-------- C:\32788R22FWJFW

    2009-03-23 11:08 . 2009-03-23 11:08 <DIR> d-------- c:\program files\Trend Micro

    2009-03-22 22:06 . 2009-03-22 22:06 <DIR> d-------- c:\program files\CCleaner

    2009-03-22 13:41 . 2009-03-22 13:41 <DIR> d-------- c:\documents and settings\Owner\DoctorWeb

    2009-03-21 22:47 . 2009-03-21 22:47 <DIR> d-------- c:\documents and settings\Administrator\Application Data\SUPERAntiSpyware.com

    2009-03-21 22:19 . 2009-03-21 22:19 <DIR> d-------- c:\program files\Common Files\Wise Installation Wizard

    2009-03-21 21:09 . 2009-03-21 21:09 <DIR> d-------- c:\documents and settings\Administrator\Application Data\Malwarebytes

    2009-03-21 21:08 . 2009-03-21 21:08 <DIR> d-------- c:\documents and settings\Administrator

    2009-03-17 22:56 . 2009-03-17 22:56 29,184 --a------ C:\Find_the_value Worksheet.doc

    2009-03-03 16:54 . 2009-03-03 16:54 <DIR> d-------- c:\program files\Malwarebytes' Anti-Malware

    2009-03-03 16:54 . 2009-03-03 16:54 <DIR> d-------- c:\documents and settings\Owner\Application Data\Malwarebytes

    2009-03-03 16:54 . 2009-03-03 16:54 <DIR> d-------- c:\documents and settings\All Users\Application Data\Malwarebytes

    2009-03-03 16:54 . 2009-02-11 11:19 38,496 --a------ c:\windows\system32\drivers\mbamswissarmy.sys

    2009-03-03 16:54 . 2009-02-11 11:19 15,504 --a------ c:\windows\system32\drivers\mbam.sys

    2009-02-28 21:13 . 2009-03-23 21:33 54,156 --ah----- c:\windows\QTFont.qfn

    2009-02-28 21:13 . 2009-02-28 21:13 1,409 --a------ c:\windows\QTFont.for

    2009-02-25 23:49 . 2009-02-25 23:49 <DIR> d-------- C:\Amber

    .

    (((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    2009-03-23 02:08 --------- d-----w c:\documents and settings\All Users\Application Data\Spybot - Search & Destroy

    2009-03-22 13:26 --------- d-----w c:\program files\Windows Live Safety Center

    2009-03-22 02:19 --------- d-----w c:\program files\SUPERAntiSpyware

    2009-03-22 02:19 --------- d-----w c:\documents and settings\Owner\Application Data\SUPERAntiSpyware.com

    2009-03-13 12:36 --------- d-----w c:\program files\support.com

    2009-03-12 13:11 --------- d-----w c:\documents and settings\Owner\Application Data\Canon

    2009-02-26 01:26 --------- d-----w c:\program files\Spybot - Search & Destroy

    2009-02-12 23:19 --------- d-----w c:\program files\Free Offers from Freeze.com

    2009-02-12 03:10 --------- d-----w c:\program files\MediaCoder

    2009-02-12 02:42 --------- d-----w c:\documents and settings\All Users\Application Data\Winferno

    2009-02-12 02:37 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo! Companion

    2009-02-12 02:36 --------- d-----w c:\program files\Yahoo!

    2009-02-12 02:31 --------- d-----w c:\program files\Common Files\eSellerate

    2009-02-12 02:27 --------- d-----w c:\documents and settings\Owner\Application Data\Memeo

    2009-02-07 00:11 --------- d-----w c:\program files\Common Files\Symantec Shared

    2009-02-07 00:04 --------- d-----w c:\program files\Symantec

    2009-02-06 23:48 --------- d-----w c:\program files\Norton Internet Security

    2009-02-06 22:48 --------- d-----w c:\program files\Google

    2009-02-06 13:40 325,128 ----a-w c:\windows\system32\drivers\avgldx86.sys

    2009-02-06 13:40 107,272 ----a-w c:\windows\system32\drivers\avgtdix.sys

    2009-02-02 16:51 --------- d-----w c:\documents and settings\All Users\Application Data\avg8

    2009-01-31 17:48 --------- d-----w c:\documents and settings\Owner\Application Data\Windows Search

    2009-01-29 21:58 --------- d-----w c:\documents and settings\All Users\Application Data\SUPERAntiSpyware.com

    2009-01-29 00:30 --------- d-----w c:\program files\Napster

    2009-01-26 18:43 --------- d-----w c:\documents and settings\All Users\Application Data\Yahoo!

    2009-01-24 04:54 --------- d-----w c:\documents and settings\Owner\Application Data\Windows Desktop Search

    2009-01-24 04:53 --------- d-----w c:\program files\Windows Desktop Search

    2009-01-24 04:51 --------- d-----w c:\program files\Windows Media Connect 2

    .

    ------- Sigcheck -------

    2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe

    2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe

    2009-03-19 08:42 45568 7fec627ab624b76529de4ab91f7ad600 c:\windows\system32\userinit.exe

    .

    ((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

    .

    .

    *Note* empty entries & legit default entries are not shown

    REGEDIT4

    [HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "CTSyncU.exe"="c:\program files\Creative\Sync Manager Unicode\CTSyncU.exe" [2007-07-17 868352]

    "Messenger (Yahoo!)"="c:\progra~1\Yahoo!\MESSEN~1\YAHOOM~1.EXE" [2009-01-08 4363504]

    [HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

    "HotKeysCmds"="c:\windows\System32\hkcmd.exe" [2002-07-26 114688]

    "IMONTRAY"="c:\program files\Intel\Intel® Active Monitor\imontray.exe" [2002-05-03 32768]

    "CTCheck"="c:\program files\Creative\Creative ZEN\ZEN Media Explorer\CTCheck.exe" [2007-11-06 397312]

    "AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-02-06 1601304]

    "IgfxTray"="c:\windows\System32\igfxtray.exe" [2002-07-26 155648]

    "QuickTime Task"="c:\program files\QuickTime\qttask.exe" [2006-10-25 282624]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\

    HotSync Manager.lnk - c:\palm\hotsync.exe [2008-11-01 260096]

    c:\documents and settings\All Users\Start Menu\Programs\Startup\AutorunsDisabled

    Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-02-17 65588]

    [hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]

    "{56F9679E-7826-4C84-81F3-532071A8BCC5}"= "c:\program files\Windows Desktop Search\MSNLNamespaceMgr.dll" [2008-05-26 304128]

    "{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]

    2008-12-22 11:05 356352 c:\program files\SUPERAntiSpyware\SASWINLO.dll

    [HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]

    2009-02-06 09:40 10520 c:\windows\system32\avgrsstx.dll

    [HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Windows Search.lnk]

    path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Windows Search.lnk

    backup=c:\windows\pss\Windows Search.lnkCommon Startup

    HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\swg

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]

    --a------ 2006-10-25 19:58 282624 c:\program files\QuickTime\qttask.exe

    [HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\services]

    "SymWSC"=2 (0x2)

    "SymProxySvc"=2 (0x2)

    "SNDSrvc"=3 (0x3)

    "NISUM"=3 (0x3)

    "NISSERV"=2 (0x2)

    "gusvc"=3 (0x3)

    "WMPNetworkSvc"=3 (0x3)

    "Seekeen Service"=2 (0x2)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

    "EnableFirewall"= 0 (0x0)

    [HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

    "%windir%\\system32\\sessmgr.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=

    "c:\\Program Files\\AVG\\AVG8\\avgemc.exe"=

    "%windir%\\Network Diagnostic\\xpnetdiag.exe"=

    "c:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe"=

    R0 BsStor;B.H.A Storage Helper Driver;c:\windows\system32\drivers\BsStor.sys [2002-12-13 8192]

    R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [2008-11-25 325128]

    R1 AvgTdiX;AVG8 Network Redirector;c:\windows\system32\drivers\avgtdix.sys [2008-11-25 107272]

    R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [2009-02-17 8944]

    R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [2009-02-17 55024]

    R2 avg8emc;AVG8 E-mail Scanner;c:\progra~1\AVG\AVG8\avgemc.exe [2009-02-06 903960]

    R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [2009-02-06 298264]

    S3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [2009-02-17 7408]

    S4 Seekeen Service;Seekeen Service;"c:\program files\Seekeen\seekeen.exe" "c:\program files\Seekeen\seekeen.dll" Service --> c:\program files\Seekeen\seekeen.exe [?]

    [HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aa173f8-ba70-11dd-af8b-00045a7ff8f1}]

    \Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s

    .

    Contents of the 'Scheduled Tasks' folder

    2009-03-18 c:\windows\Tasks\AppleSoftwareUpdate.job

    - c:\program files\Apple Software Update\SoftwareUpdate.exe [2006-10-10 18:13]

    2009-03-24 c:\windows\Tasks\PCConfidential.job

    - c:\program files\Winferno\PC Confidential\PCConfidential.exe []

    .

    - - - - ORPHANS REMOVED - - - -

    HKU-Default-Run-ALUAlert - c:\program files\Symantec\LiveUpdate\ALUNotify.exe

    MSConfigStartUp-loaottocyessnximk - c:\windows\system32\mmkvgezxlmuitcd.dll

    .

    ------- Supplementary Scan -------

    .

    uStart Page = hxxp://www.google.com/

    uDefault_Search_URL = hxxp://www.earthlink.net/partner/more/msie/button/search.html

    mStart Page = hxxp://www.yahoo.com

    uInternet Connection Wizard,ShellNext = iexplore

    uSearchURL,(Default) = hxxp://www.google.com/search?q=%s

    Trusted Zone: intuit.com\www.turbotax

    Trusted Zone: live.com\onecare

    Trusted Zone: nick.com\www

    DPF: DirectAnimation Java Classes - file://c:\windows\Java\classes\dajava.cab

    DPF: Microsoft XML Parser for Java - file://c:\windows\Java\classes\xmldso.cab

    .

    **************************************************************************

    catchme 0.3.1367 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

    Rootkit scan 2009-03-23 21:32:50

    Windows 5.1.2600 Service Pack 3 NTFS

    scanning hidden processes ...

    scanning hidden autostart entries ...

    scanning hidden files ...

    scan completed successfully

    hidden files: 0

    **************************************************************************

    .

    --------------------- DLLs Loaded Under Running Processes ---------------------

    - - - - - - - > 'winlogon.exe'(500)

    c:\program files\SUPERAntiSpyware\SASWINLO.dll

    .

    ------------------------ Other Running Processes ------------------------

    .

    c:\windows\system32\CTSVCCDA.EXE

    c:\windows\system32\pctspk.exe

    c:\program files\AVG\AVG8\avgrsx.exe

    c:\progra~1\AVG\AVG8\avgnsx.exe

    c:\windows\system32\searchindexer.exe

    c:\program files\Intel\Intel® Active Monitor\imonNT.exe

    c:\program files\AVG\AVG8\avgcsrvx.exe

    c:\windows\system32\wscntfy.exe

    .

    **************************************************************************

    .

    Completion time: 2009-03-23 21:36:53 - machine was rebooted

    ComboFix-quarantined-files.txt 2009-03-24 01:36:49

    Pre-Run: 18,351,726,592 bytes free

    Post-Run: 18,383,704,064 bytes free

    189 --- E O F --- 2009-03-14 17:16:14

    Thanks for looking.....
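Three things in the ComboFix log above are worth pulling out mechanically rather than by eye: the Sigcheck block lists three copies of userinit.exe with three different sizes and MD5s (the live system32 copy, dated 2009-03-19 and 45,568 bytes, against the 26,112-byte ServicePackFiles copy), the standard-profile firewall policy reads EnableFirewall = 0, and a mountpoints2 entry wires \Shell\AutoRun\command to launch E:\m.exe /s. The Python script below is an added example, not part of mystic's post and not code from ComboFix or HijackThis; it parses an excerpt of the log copied from the post and flags those three items for review. A hash mismatch against the ServicePackFiles copy is a lead to confirm with a known-good copy or a signature check, not proof of infection on its own, since a later hotfix also replaces system32 files.

```python
"""Triage helpers for a ComboFix log (added example, not ComboFix's own code)."""
import re
from collections import defaultdict

# Lines excerpted verbatim from the ComboFix log in the post above so the
# script runs offline: the Sigcheck block, the firewall policy key and the
# mountpoints2 AutoRun entry.
SAMPLE_LOG = r"""
------- Sigcheck -------
2004-08-04 03:56 24576 39b1ffb03c2296323832acbae50d2aff c:\windows\$NtServicePackUninstall$\userinit.exe
2008-04-13 20:12 26112 a93aee1928a9d7ce3e16d24ec7380f89 c:\windows\ServicePackFiles\i386\userinit.exe
2009-03-19 08:42 45568 7fec627ab624b76529de4ab91f7ad600 c:\windows\system32\userinit.exe
.
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)
[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\explorer\mountpoints2\{1aa173f8-ba70-11dd-af8b-00045a7ff8f1}]
\Shell\AutoRun\command - c:\windows\system32\RunDLL32.EXE Shell32.DLL,ShellExec_RunDLL E:\m.exe /s
"""

# ComboFix Sigcheck line: date time size md5 path
SIGCHECK_RE = re.compile(
    r"^(\d{4}-\d{2}-\d{2} \d{2}:\d{2})\s+(\d+)\s+([0-9a-fA-F]{32})\s+(\S.*?)\s*$"
)
# mountpoints2 autorun command line: \Shell\AutoRun\command - <command>
AUTORUN_RE = re.compile(r"\\Shell\\AutoRun\\command\s*-\s*(.+?)\s*$")


def parse_sigcheck(text):
    """Group Sigcheck lines by file name: {name: [{date, size, md5, path}, ...]}."""
    copies = defaultdict(list)
    for line in text.splitlines():
        m = SIGCHECK_RE.match(line.strip())
        if not m:
            continue
        date, size, md5, path = m.groups()
        name = path.rsplit("\\", 1)[-1].lower()
        copies[name].append({"date": date, "size": int(size),
                             "md5": md5.lower(), "path": path})
    return dict(copies)


def sigcheck_mismatches(copies):
    """Compare the live system32 copy of each file with its ServicePackFiles
    reference copy. Returns [(name, live_entry, ref_entry)] where the MD5s
    differ. A mismatch is a lead, not a verdict: hotfixes replace these too."""
    out = []
    for name, entries in copies.items():
        live = next((e for e in entries if "\\system32\\" in e["path"].lower()), None)
        ref = next((e for e in entries if "\\servicepackfiles\\" in e["path"].lower()), None)
        if live and ref and live["md5"] != ref["md5"]:
            out.append((name, live, ref))
    return out


def firewall_disabled(text):
    """True when the standard-profile policy line reads EnableFirewall = 0."""
    return re.search(r'"EnableFirewall"\s*=\s*0\b', text) is not None


def autorun_commands(text):
    r"""Commands wired to \Shell\AutoRun\command under mountpoints2 (the cached
    per-volume autorun.inf handlers); anything launching an executable from a
    removable drive letter deserves a look."""
    found = []
    for line in text.splitlines():
        m = AUTORUN_RE.search(line)
        if m:
            found.append(m.group(1))
    return found


def triage(text):
    """Run the three checks over a ComboFix log and return the findings."""
    return {
        "sigcheck_mismatches": sigcheck_mismatches(parse_sigcheck(text)),
        "firewall_disabled": firewall_disabled(text),
        "autorun_commands": autorun_commands(text),
    }


if __name__ == "__main__":
    findings = triage(SAMPLE_LOG)
    for name, live, ref in findings["sigcheck_mismatches"]:
        print(f"[sigcheck] {name}: live {live['size']} B {live['md5']} ({live['date']}) "
              f"vs SP copy {ref['size']} B {ref['md5']} ({ref['date']})")
    if findings["firewall_disabled"]:
        print("[policy] Windows Firewall disabled in standard profile")
    for cmd in findings["autorun_commands"]:
        print(f"[autorun] mountpoints2 command: {cmd}")
```

Point it at a full ComboFix log (`triage(open(path).read())`) and it reports the same three classes of finding; the `$NtServicePackUninstall$` copy is parsed but deliberately not used as the reference, since it is the pre-SP3 file and is expected to differ.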

  2. What symptoms were you having? Since I seem to have the same issue with two registry entries regarding userinit.exe, I am wondering if it might even be the same spyware. In my case, I was watching the registry entries while I ran Malwarebytes and tried to delete, but I saw no change. That is, the quarantine and delete operation apparently did nothing. At first I thought that the spyware was somehow restoring the entries, but now I don't think so.

    I did the same. I do not see userinit.exe running in Task Manager and I do not have any other browser issues, just these two files popping up in Malwarebytes scan results. I have two suspicions. Either they are corrupted files and need to be disinfected by ComboFix (or ATF Cleaner), or they could be false positives. I really can't tell. They have been known to become associated with many downloaders and viruses. I removed Virtumonde back in early January and my system ran just fine for months. Now Malwarebytes is picking up these files and lists them as Trojan.Agent. After much surfing (snooping), I've discovered this issue is prevalent. Everyone across the board has their own methodology and preferred scanners, including ESET, which is one I haven't run since January. I could go on and on attempting suggestions but thought I would let someone with more experience solve this for me. Funny thing is, I spent about a month and a half cleaning this same virus off my friend's home PC and their two laptops with great success. I'm not sure what the issue is. I could copy the userinit.exe file from a friend's PC using the same Service Pack and replace it with ComboFix, or I could run the ESET scanner or ATF Cleaner and see what happens, but I would like someone to look at the logs first for their opinion.

  3. I apologize for starting this thread as I see there are similar ones currently being addressed. I am a first-time EVER poster to anything! I just need to confirm that my system is okay. I have logs from the DDS report, Attach report, Java report, MBAM log and HijackThis. I have run Malwarebytes, which found two registry files (Userinit.exe) that keep coming back. I have also run SUPERAntiSpyware, Spybot, Dr. Web, CCleaner and OneCare Live, and I am currently using AVG as my antivirus. I understand why it is important not to use multiple software; however, I used these as "standalones" with no live protection except for AVG. Would it be possible for someone to take a look at the logs I have and tell me why I keep getting these two files back? SUPERAntiSpyware only finds tracking cookies, as does Spybot. OneCare Live found 8 items but was not able to fix one of them, and it flashed so quickly I was unable to identify which file. AVG finds no current infections. Short of going into the keys and removing or replacing the files themselves (which I don't want to do), and not wanting to reload Windows either, I was hoping someone may be able to identify whether I am at further risk. I AM NOT currently experiencing any browser redirection, and I think these two files were loaded upon a system restore. I have cleared my previous system restores except for the latest, which was performed following guidelines by AdvanceSetup (I believe that's the ID). I have also removed Java files/folders and performed Disk Cleaner. Will post logs if desired. Thank you.
