Malwarebytes Not Fully Removing "Security Tool"

Hi, I saw that someone else has almost the identical problem that I do but I didn't want to follow the same instructions that were given to them in case my situation were different. Malwarebytes takes care of this "Security Tool" for a little while but it always returns.

Please help?

Malwarebytes' Anti-Malware 1.41

Database version: 2945

Windows 5.1.2600 Service Pack 3

10/14/2009 2:44:13 PM

mbam-log-2009-10-14 (14-44-13).txt

Scan type: Quick Scan

Objects scanned: 104551

Time elapsed: 11 minute(s), 57 second(s)

Memory Processes Infected: 1

Memory Modules Infected: 1

Registry Keys Infected: 1

Registry Values Infected: 4

Registry Data Items Infected: 3

Folders Infected: 1

Files Infected: 3

Memory Processes Infected:

C:\Documents and Settings\All Users\Application Data\10830921\10830921.exe (Rogue.SecurityTool) -> Unloaded process successfully.

Memory Modules Infected:

c:\WINDOWS\system32\wazitoyi.dll (Trojan.Vundo.H) -> Delete on reboot.

Registry Keys Infected:

HKEY_CLASSES_ROOT\CLSID\{7357937e-0199-4075-9474-442573c55e84} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Values Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\rewifepon (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run\10830921 (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Explorer\SharedTaskScheduler\{7357937e-0199-4075-9474-442573c55e84} (Trojan.Vundo.H) -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\ShellServiceObjectDelayLoad\toloripum (Trojan.Vundo.H) -> Quarantined and deleted successfully.

Registry Data Items Infected:

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: c:\windows\system32\wazitoyi.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Windows\AppInit_DLLs (Trojan.Vundo.H) -> Data: system32\wazitoyi.dll -> Quarantined and deleted successfully.

HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Security Center\UpdatesDisableNotify (Disabled.SecurityCenter) -> Bad: (1) Good: (0) -> Quarantined and deleted successfully.

Folders Infected:

C:\Documents and Settings\All Users\Application Data\10830921 (Rogue.Multiple) -> Quarantined and deleted successfully.

Files Infected:

c:\WINDOWS\system32\wazitoyi.dll (Trojan.Vundo.H) -> Delete on reboot.

C:\Documents and Settings\All Users\Application Data\10830921\10830921.exe (Trojan.FakeAlert.H) -> Quarantined and deleted successfully.

C:\WINDOWS\system32\waderero.exe (Trojan.Dropper) -> Quarantined and deleted successfully.

ComboFix 09-10-15.01 - Dean 10/15/2009 14:58.2.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1547 [GMT -4:00]

Running from: c:\documents and settings\Dean\My Documents\Downloads\ComboFix.exe

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\windows\Installer\72628fe.msp

c:\windows\Installer\7262903.msp

c:\windows\Installer\7262908.msp

c:\windows\Installer\726290d.msp

c:\windows\Installer\7262912.msp

c:\windows\Installer\7262917.msp

c:\windows\Installer\726291c.msp

c:\windows\Installer\7262921.msp

c:\windows\Installer\7262926.msp

c:\windows\Installer\726292b.msp

c:\windows\Installer\7262930.msp

c:\windows\Installer\7262935.msp

c:\windows\Installer\744addc.msp

c:\windows\Installer\744ade1.msp

c:\windows\Installer\744ade6.msp

c:\windows\Installer\744adeb.msp

c:\windows\Installer\744adf0.msp

c:\windows\Installer\744adf5.msp

c:\windows\Installer\744adfa.msp

c:\windows\Installer\74746d7.msp

c:\windows\Installer\74746dc.msp

c:\windows\Installer\74746e1.msp

c:\windows\Installer\74746e6.msp

c:\windows\Installer\74746eb.msp

c:\windows\Installer\74746f0.msp

c:\windows\Installer\74746f5.msp

c:\windows\Installer\74746fa.msp

c:\windows\Installer\74746ff.msp

c:\windows\Installer\7474704.msp

c:\windows\Installer\7474709.msp

c:\windows\Installer\747470e.msp

c:\windows\Installer\7474713.msp

c:\windows\Installer\7474718.msp

c:\windows\Installer\76414fc.msp

c:\windows\Installer\7641501.msp

c:\windows\Installer\7641506.msp

c:\windows\Installer\764150b.msp

c:\windows\Installer\7641510.msp

c:\windows\Installer\7641515.msp

c:\windows\Installer\764151a.msp

c:\windows\Installer\78867.msp

c:\windows\Installer\7886c.msp

c:\windows\Installer\78871.msp

c:\windows\Installer\78876.msp

c:\windows\Installer\7887b.msp

c:\windows\Installer\78880.msp

c:\windows\Installer\78885.msp

c:\windows\Installer\7888a.msp

c:\windows\Installer\7888f.msp

c:\windows\Installer\78894.msp

c:\windows\Installer\78899.msp

c:\windows\Installer\7889e.msp

c:\windows\Installer\788a3.msp

c:\windows\Installer\788a8.msp

c:\windows\Installer\7b42d03.msp

c:\windows\Installer\7b42d08.msp

c:\windows\Installer\7b42d0d.msp

c:\windows\Installer\7b42d12.msp

c:\windows\Installer\7b42d17.msp

c:\windows\Installer\7b42d1c.msp

c:\windows\Installer\7b42d21.msp

c:\windows\Installer\7b42d26.msp

c:\windows\Installer\7b42d2b.msp

c:\windows\Installer\7b42d30.msp

c:\windows\Installer\7b42d35.msp

c:\windows\Installer\7b42d3a.msp

c:\windows\Installer\7b42d3f.msp

c:\windows\Installer\7b42d44.msp

c:\windows\Installer\7b42d49.msp

c:\windows\Installer\7f2e2f8.msp

c:\windows\Installer\7f2e2fd.msp

c:\windows\Installer\7f2e302.msp

c:\windows\Installer\7f2e307.msp

c:\windows\Installer\7f2e30c.msp

c:\windows\Installer\7f2e311.msp

c:\windows\Installer\7f2e316.msp

c:\windows\Installer\7f2e31b.msp

c:\windows\Installer\7f2e320.msp

c:\windows\Installer\7f2e325.msp

c:\windows\Installer\7f2e32a.msp

c:\windows\Installer\7f2e32f.msp

c:\windows\Installer\85e7caf.msp

c:\windows\Installer\85e7cb4.msp

c:\windows\Installer\85e7cb9.msp

c:\windows\Installer\85e7cbe.msp

c:\windows\Installer\85e7cc3.msp

c:\windows\Installer\85e7cc8.msp

c:\windows\Installer\85e7ccd.msp

c:\windows\Installer\85e7cd2.msp

c:\windows\Installer\85e7cd7.msp

c:\windows\Installer\85e7cdc.msp

c:\windows\Installer\85e7ce1.msp

c:\windows\Installer\85e7ce6.msp

c:\windows\Installer\85e7ceb.msp

c:\windows\Installer\85e7cf0.msp

c:\windows\Installer\85e7cf5.msp

c:\windows\Installer\8d13798.msp

c:\windows\Installer\8d1379d.msp

c:\windows\Installer\8d137a2.msp

c:\windows\Installer\8d137a7.msp

c:\windows\Installer\8d137ac.msp

c:\windows\Installer\8d137b1.msp

c:\windows\Installer\8d137b6.msp

c:\windows\Installer\8d137bb.msp

c:\windows\Installer\8d137c0.msp

c:\windows\Installer\8d137c5.msp

c:\windows\Installer\8d137ca.msp

c:\windows\Installer\8d137cf.msp

c:\windows\Installer\8fa37.msp

c:\windows\Installer\8fa3c.msp

c:\windows\Installer\8fa41.msp

c:\windows\Installer\8fa46.msp

c:\windows\Installer\8fa4b.msp

c:\windows\Installer\8fa50.msp

c:\windows\Installer\8fa55.msp

c:\windows\Installer\8fa5a.msp

c:\windows\Installer\8fa5f.msp

c:\windows\Installer\8fa64.msp

c:\windows\Installer\9198e3.msp

c:\windows\Installer\9198e8.msp

c:\windows\Installer\9198ed.msp

c:\windows\Installer\9198f2.msp

c:\windows\Installer\9198f7.msp

c:\windows\Installer\9198fc.msp

c:\windows\Installer\919901.msp

c:\windows\Installer\919906.msp

c:\windows\Installer\91990b.msp

c:\windows\Installer\919910.msp

c:\windows\Installer\919915.msp

c:\windows\Installer\91991a.msp

c:\windows\Installer\91991f.msp

c:\windows\Installer\919924.msp

c:\windows\Installer\93c33a8.msp

c:\windows\Installer\93c33ad.msp

c:\windows\Installer\93c33b2.msp

c:\windows\Installer\93c33b7.msp

c:\windows\Installer\93c33bc.msp

c:\windows\Installer\93c33c1.msp

c:\windows\Installer\93c33c6.msp

c:\windows\Installer\94d522.msp

c:\windows\Installer\94d527.msp

c:\windows\Installer\94d52c.msp

c:\windows\Installer\94d531.msp

c:\windows\Installer\94d536.msp

c:\windows\Installer\94d53b.msp

c:\windows\Installer\94d540.msp

c:\windows\Installer\97f36.msp

c:\windows\Installer\97f3b.msp

c:\windows\Installer\97f40.msp

c:\windows\Installer\97f45.msp

c:\windows\Installer\97f4a.msp

c:\windows\Installer\97f4f.msp

c:\windows\Installer\97f54.msp

c:\windows\Installer\97f59.msp

c:\windows\Installer\97f5e.msp

c:\windows\Installer\97f63.msp

c:\windows\Installer\97f68.msp

c:\windows\Installer\97f6d.msp

c:\windows\Installer\97f72.msp

c:\windows\Installer\97f77.msp

c:\windows\Installer\97f7c.msp

c:\windows\Installer\98016af.msp

c:\windows\Installer\98016b4.msp

c:\windows\Installer\98016b9.msp

c:\windows\Installer\98016be.msp

c:\windows\Installer\98016c3.msp

c:\windows\Installer\98016c8.msp

c:\windows\Installer\98016cd.msp

c:\windows\Installer\98016d2.msp

c:\windows\Installer\98016d7.msp

c:\windows\Installer\98016dc.msp

c:\windows\Installer\98016e1.msp

c:\windows\Installer\98016e6.msp

c:\windows\Installer\98016eb.msp

c:\windows\Installer\98016f0.msp

c:\windows\Installer\9e83c3e.msp

c:\windows\Installer\9e83c43.msp

c:\windows\Installer\9e83c48.msp

c:\windows\Installer\9e83c4d.msp

c:\windows\Installer\9e83c52.msp

c:\windows\Installer\9e83c57.msp

c:\windows\Installer\9e83c5c.msp

c:\windows\Installer\9e83c61.msp

c:\windows\Installer\9e83c66.msp

c:\windows\Installer\9e83c6b.msp

c:\windows\Installer\9e83c70.msp

c:\windows\Installer\9e83c75.msp

c:\windows\Installer\9e83c7a.msp

c:\windows\Installer\9e83c7f.msp

c:\windows\Installer\9e83c84.msp

c:\windows\Installer\a0b06ad.msp

c:\windows\Installer\a0b06b2.msp

c:\windows\Installer\a0b06b7.msp

c:\windows\Installer\a0b06bc.msp

c:\windows\Installer\a0b06c1.msp

c:\windows\Installer\a0b06c6.msp

c:\windows\Installer\a0b06cb.msp

c:\windows\Installer\a562312.msp

c:\windows\Installer\a562317.msp

c:\windows\Installer\a56231c.msp

c:\windows\Installer\a562321.msp

c:\windows\Installer\a562326.msp

c:\windows\Installer\a56232b.msp

c:\windows\Installer\a562330.msp

c:\windows\Installer\a562335.msp

c:\windows\Installer\a56233a.msp

c:\windows\Installer\a56233f.msp

c:\windows\Installer\a562344.msp

c:\windows\Installer\a562349.msp

c:\windows\Installer\a56234e.msp

c:\windows\Installer\a562353.msp

c:\windows\Installer\a562358.msp

c:\windows\Installer\a8b00a4.msp

c:\windows\Installer\a8b00a9.msp

c:\windows\Installer\a8b00ae.msp

c:\windows\Installer\a8b00b3.msp

c:\windows\Installer\a8b00b8.msp

c:\windows\Installer\a8b00bd.msp

c:\windows\Installer\a8b00c2.msp

c:\windows\Installer\aa8913e.msp

c:\windows\Installer\aa89143.msp

c:\windows\Installer\aa89148.msp

c:\windows\Installer\aa8914d.msp

c:\windows\Installer\aa89152.msp

c:\windows\Installer\aa89157.msp

c:\windows\Installer\aa8915c.msp

c:\windows\Installer\b1af6b4.msp

c:\windows\Installer\b1af6b9.msp

c:\windows\Installer\b1af6be.msp

c:\windows\Installer\b1af6c3.msp

c:\windows\Installer\b1af6c8.msp

c:\windows\Installer\b1af6cd.msp

c:\windows\Installer\b1af6d2.msp

c:\windows\Installer\b1af6d7.msp

c:\windows\Installer\b1af6dc.msp

c:\windows\Installer\b1af6e1.msp

c:\windows\Installer\b1af6e6.msp

c:\windows\Installer\b1af6eb.msp

c:\windows\Installer\b1af6f0.msp

c:\windows\Installer\b1af6f5.msp

c:\windows\Installer\b1af6fa.msp

c:\windows\Installer\ba59ee.msp

c:\windows\Installer\ba59f3.msp

c:\windows\Installer\ba59f8.msp

c:\windows\Installer\ba59fd.msp

c:\windows\Installer\ba5a02.msp

c:\windows\Installer\ba5a07.msp

c:\windows\Installer\ba5a0c.msp

c:\windows\Installer\ba5a11.msp

c:\windows\Installer\ba5a16.msp

c:\windows\Installer\ba5a1b.msp

c:\windows\Installer\ba5a20.msp

c:\windows\Installer\ba5a25.msp

c:\windows\Installer\ba5a2a.msp

c:\windows\Installer\ba5a2f.msp

c:\windows\Installer\bb8b390.msp

c:\windows\Installer\bb8b395.msp

c:\windows\Installer\bb8b39a.msp

c:\windows\Installer\bb8b39f.msp

c:\windows\Installer\bb8b3a4.msp

c:\windows\Installer\bb8b3a9.msp

c:\windows\Installer\bb8b3ae.msp

c:\windows\Installer\bc71237.msp

c:\windows\Installer\bc7123c.msp

c:\windows\Installer\bc71241.msp

c:\windows\Installer\bc71246.msp

c:\windows\Installer\bc7124b.msp

c:\windows\Installer\bc71250.msp

c:\windows\Installer\bc71255.msp

c:\windows\Installer\bc7125a.msp

c:\windows\Installer\bc7125f.msp

c:\windows\Installer\bc71264.msp

c:\windows\Installer\bc71269.msp

c:\windows\Installer\bc7126e.msp

c:\windows\Installer\bce1988.msp

c:\windows\Installer\bce198d.msp

c:\windows\Installer\bce1992.msp

c:\windows\Installer\bce1997.msp

c:\windows\Installer\bce199c.msp

c:\windows\Installer\bce19a1.msp

c:\windows\Installer\bce19a6.msp

c:\windows\Installer\bf4074f.msp

c:\windows\Installer\bf40754.msp

c:\windows\Installer\bf40759.msp

c:\windows\Installer\bf4075e.msp

c:\windows\Installer\bf40763.msp

c:\windows\Installer\bf40768.msp

c:\windows\Installer\bf4076d.msp

c:\windows\Installer\c117667.msp

c:\windows\Installer\c11766c.msp

c:\windows\Installer\c117671.msp

c:\windows\Installer\c117676.msp

c:\windows\Installer\c11767b.msp

c:\windows\Installer\c117680.msp

c:\windows\Installer\c117685.msp

c:\windows\Installer\c11768a.msp

c:\windows\Installer\c11768f.msp

c:\windows\Installer\c117694.msp

c:\windows\Installer\c117699.msp

c:\windows\Installer\c11769e.msp

c:\windows\Installer\c1176a3.msp

c:\windows\Installer\c1176a8.msp

c:\windows\Installer\c1176ad.msp

c:\windows\Installer\c1a7bda.msp

c:\windows\Installer\c1a7bdf.msp

c:\windows\Installer\c1a7be4.msp

c:\windows\Installer\c1a7be9.msp

c:\windows\Installer\c1a7bee.msp

c:\windows\Installer\c1a7bf3.msp

c:\windows\Installer\c1a7bf8.msp

c:\windows\Installer\c1a7bfd.msp

c:\windows\Installer\c1a7c02.msp

c:\windows\Installer\c1a7c07.msp

c:\windows\Installer\c1a7c0c.msp

c:\windows\Installer\c1a7c11.msp

c:\windows\Installer\c1a7c16.msp

c:\windows\Installer\c1a7c1b.msp

c:\windows\Installer\c1a7c20.msp

c:\windows\Installer\c48e4d5.msp

c:\windows\Installer\c48e4da.msp

c:\windows\Installer\c48e4df.msp

c:\windows\Installer\c48e4e5.msp

c:\windows\Installer\c48e4ea.msp

c:\windows\Installer\c48e4ef.msp

c:\windows\Installer\c48e4f4.msp

c:\windows\Installer\c48e4f9.msp

c:\windows\Installer\c48e4fe.msp

c:\windows\Installer\c48e503.msp

c:\windows\Installer\c48e508.msp

c:\windows\Installer\c48e50d.msp

c:\windows\Installer\c48e512.msp

c:\windows\Installer\c48e517.msp

c:\windows\Installer\c4cb5a4.msp

c:\windows\Installer\c4cb5a9.msp

c:\windows\Installer\c4cb5ae.msp

c:\windows\Installer\c4cb5b3.msp

c:\windows\Installer\c4cb5b8.msp

c:\windows\Installer\c4cb5bd.msp

c:\windows\Installer\c4cb5c2.msp

c:\windows\Installer\c4cb5c7.msp

c:\windows\Installer\c4cb5cc.msp

c:\windows\Installer\c4cb5d1.msp

c:\windows\Installer\c4cb5d6.msp

c:\windows\Installer\c4cb5db.msp

c:\windows\Installer\c4cb5e0.msp

c:\windows\Installer\c4cb5e5.msp

c:\windows\Installer\c4cb5ea.msp

c:\windows\Installer\c6a8d88.msp

c:\windows\Installer\c6a8d8d.msp

c:\windows\Installer\c6a8d92.msp

c:\windows\Installer\c6a8d97.msp

c:\windows\Installer\c6a8d9c.msp

c:\windows\Installer\c6a8da1.msp

c:\windows\Installer\c6a8da6.msp

c:\windows\Installer\c6db0a2.msp

c:\windows\Installer\c6db0a7.msp

c:\windows\Installer\c6db0ac.msp

c:\windows\Installer\c6db0b1.msp

c:\windows\Installer\c6db0b6.msp

c:\windows\Installer\c6db0bb.msp

c:\windows\Installer\c6db0c0.msp

c:\windows\Installer\c6db0c5.msp

c:\windows\Installer\c6db0ca.msp

c:\windows\Installer\c6db0cf.msp

c:\windows\Installer\c6db0d4.msp

c:\windows\Installer\c6db0d9.msp

c:\windows\Installer\c6db0de.msp

c:\windows\Installer\c6db0e3.msp

c:\windows\Installer\c6db0e8.msp

c:\windows\Installer\c7092.msp

c:\windows\Installer\c7097.msp

c:\windows\Installer\c709c.msp

c:\windows\Installer\c70a1.msp

c:\windows\Installer\c70a6.msp

c:\windows\Installer\c70ab.msp

c:\windows\Installer\c8a709e.msp

c:\windows\Installer\c8a70a3.msp

c:\windows\Installer\c8a70a8.msp

c:\windows\Installer\c8a70ad.msp

c:\windows\Installer\c8a70b2.msp

c:\windows\Installer\c8a70b7.msp

c:\windows\Installer\c8a70bc.msp

c:\windows\Installer\cdada7f.msp

c:\windows\Installer\cdada84.msp

c:\windows\Installer\cdada89.msp

c:\windows\Installer\cdada8e.msp

c:\windows\Installer\cdada93.msp

c:\windows\Installer\cdada98.msp

c:\windows\Installer\cdada9d.msp

c:\windows\Installer\cdadaa2.msp

c:\windows\Installer\cdadaa7.msp

c:\windows\Installer\cdadaac.msp

c:\windows\Installer\cdadab1.msp

c:\windows\Installer\cdadab6.msp

c:\windows\Installer\cdadabb.msp

c:\windows\Installer\cdadac0.msp

c:\windows\Installer\cdadac5.msp

c:\windows\Installer\ce39c3.msp

c:\windows\Installer\ce39c8.msp

c:\windows\Installer\ce39cd.msp

c:\windows\Installer\ce39d2.msp

c:\windows\Installer\ce39d7.msp

c:\windows\Installer\ce39dc.msp

c:\windows\Installer\ce39e1.msp

c:\windows\Installer\ce39e6.msp

c:\windows\Installer\ce39eb.msp

c:\windows\Installer\ce39f0.msp

c:\windows\Installer\ce39f5.msp

c:\windows\Installer\ce39fa.msp

c:\windows\Installer\ce39ff.msp

c:\windows\Installer\ce3a04.msp

c:\windows\Installer\d194149.msp

c:\windows\Installer\d19414e.msp

c:\windows\Installer\d194153.msp

c:\windows\Installer\d194158.msp

c:\windows\Installer\d19415d.msp

c:\windows\Installer\d194162.msp

c:\windows\Installer\d194167.msp

c:\windows\Installer\d19416c.msp

c:\windows\Installer\d194171.msp

c:\windows\Installer\d194176.msp

c:\windows\Installer\d19417b.msp

c:\windows\Installer\d194180.msp

c:\windows\Installer\d84e12b.msp

c:\windows\Installer\d84e130.msp

c:\windows\Installer\d84e135.msp

c:\windows\Installer\d84e13a.msp

c:\windows\Installer\d84e13f.msp

c:\windows\Installer\d84e144.msp

c:\windows\Installer\d84e149.msp

c:\windows\Installer\d84e14e.msp

c:\windows\Installer\d84e153.msp

c:\windows\Installer\d84e158.msp

c:\windows\Installer\d84e15d.msp

c:\windows\Installer\d84e162.msp

c:\windows\Installer\d84e167.msp

c:\windows\Installer\d84e16c.msp

c:\windows\Installer\d84e171.msp

c:\windows\Installer\d9f993.msp

c:\windows\Installer\d9f998.msp

c:\windows\Installer\d9f99d.msp

c:\windows\Installer\d9f9a2.msp

c:\windows\Installer\d9f9a7.msp

c:\windows\Installer\d9f9ac.msp

c:\windows\Installer\d9f9b1.msp

c:\windows\Installer\df724b1.msp

c:\windows\Installer\df724b6.msp

c:\windows\Installer\df724bb.msp

c:\windows\Installer\df724c0.msp

c:\windows\Installer\df724c5.msp

c:\windows\Installer\df724ca.msp

c:\windows\Installer\df724cf.msp

c:\windows\Installer\df724d4.msp

c:\windows\Installer\df724d9.msp

c:\windows\Installer\df724de.msp

c:\windows\Installer\df724e3.msp

c:\windows\Installer\df724e8.msp

c:\windows\Installer\e2382b.msp

c:\windows\Installer\e23830.msp

c:\windows\Installer\e23835.msp

c:\windows\Installer\e2383a.msp

c:\windows\Installer\e2383f.msp

c:\windows\Installer\e23844.msp

c:\windows\Installer\e23849.msp

c:\windows\Installer\e2384e.msp

c:\windows\Installer\e23853.msp

c:\windows\Installer\e23858.msp

c:\windows\Installer\e2385d.msp

c:\windows\Installer\e23862.msp

c:\windows\Installer\e23867.msp

c:\windows\Installer\e2386c.msp

c:\windows\Installer\ea696b2.msp

c:\windows\Installer\ea696b7.msp

c:\windows\Installer\ea696bc.msp

c:\windows\Installer\ea696c1.msp

c:\windows\Installer\ea696c6.msp

c:\windows\Installer\ea696cb.msp

c:\windows\Installer\ea696d0.msp

c:\windows\Installer\ea696d5.msp

c:\windows\Installer\ea696da.msp

c:\windows\Installer\ea696df.msp

c:\windows\Installer\ea696e4.msp

c:\windows\Installer\ea696e9.msp

c:\windows\Installer\ea696ee.msp

c:\windows\Installer\ea696f3.msp

c:\windows\Installer\f0e525c.msp

c:\windows\Installer\f0e5261.msp

c:\windows\Installer\f0e5266.msp

c:\windows\Installer\f0e526b.msp

c:\windows\Installer\f0e5270.msp

c:\windows\Installer\f0e5275.msp

c:\windows\Installer\f0e527a.msp

c:\windows\Installer\f0e527f.msp

c:\windows\Installer\f0e5284.msp

c:\windows\Installer\f0e5289.msp

c:\windows\Installer\f0e528e.msp

c:\windows\Installer\f0e5293.msp

c:\windows\Installer\f0e5298.msp

c:\windows\Installer\f0e529d.msp

c:\windows\Installer\f0e52a2.msp

c:\windows\Installer\f311a79.msp

c:\windows\Installer\f311a7e.msp

c:\windows\Installer\f311a83.msp

c:\windows\Installer\f311a88.msp

c:\windows\Installer\f311a8d.msp

c:\windows\Installer\f311a92.msp

c:\windows\Installer\f311a97.msp

c:\windows\Installer\f7c6fef.msp

c:\windows\Installer\f7c6ff4.msp

c:\windows\Installer\f7c6ff9.msp

c:\windows\Installer\f7c6ffe.msp

c:\windows\Installer\f7c7003.msp

c:\windows\Installer\f7c7008.msp

c:\windows\Installer\f7c700d.msp

c:\windows\Installer\f7c7012.msp

c:\windows\Installer\f7c7017.msp

c:\windows\Installer\f7c701c.msp

c:\windows\Installer\f7c7021.msp

c:\windows\Installer\f7c7026.msp

c:\windows\Installer\f7c702b.msp

c:\windows\Installer\f7c7030.msp

c:\windows\Installer\fb1c1a7.msp

c:\windows\Installer\fb1c1ac.msp

c:\windows\Installer\fb1c1b1.msp

c:\windows\Installer\fb1c1b6.msp

c:\windows\Installer\fb1c1bb.msp

c:\windows\Installer\fb1c1c0.msp

c:\windows\Installer\fb1c1c5.msp

c:\windows\Installer\fcec832.msp

c:\windows\Installer\fcec837.msp

c:\windows\Installer\fcec83c.msp

c:\windows\Installer\fcec841.msp

c:\windows\Installer\fcec846.msp

c:\windows\Installer\fcec856.msp

c:\windows\Installer\fcec85b.msp

c:\windows\Installer\WMEncoder.msi

c:\windows\system32\bonigezi.dll

c:\windows\system32\dumphive.exe

c:\windows\system32\fumufovi.dll

c:\windows\system32\gejekoyu.dll

c:\windows\system32\gifeleho.dll

c:\windows\system32\gilumuju.dll

c:\windows\system32\gudeyose.dll

c:\windows\system32\hufufoga.dll.tmp

c:\windows\system32\huyahife.dll

c:\windows\system32\jafajada.dll

c:\windows\system32\jawefinu.dll

c:\windows\system32\jodunufe.dll.tmp

c:\windows\system32\juposeno.dll

c:\windows\system32\kejowigi.dll

c:\windows\system32\koyubevu.dll

c:\windows\system32\nojemete.dll

c:\windows\system32\Process.exe

c:\windows\system32\SrchSTS.exe

c:\windows\system32\tizohafi.dll.tmp

c:\windows\system32\tmp.reg

c:\windows\system32\vibumego.dll

c:\windows\system32\vokeloso.dll

c:\windows\system32\wuvoseti.dll

c:\windows\system32\zatajipi.dll

c:\windows\system32\zazuporo.dll

c:\windows\system32\zohijiho.dll

c:\windows\system32\zorihali.dll.tmp

F:\autorun.inf

.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))

.

2009-10-15 07:28 . 2009-10-15 17:52 -------- d-----w- c:\documents and settings\All Users\Application Data\86899141

2009-10-09 18:43 . 2009-10-09 18:43 -------- d-----w- c:\documents and settings\Dean\Application Data\Malwarebytes

2009-10-09 09:42 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-09 09:42 . 2009-10-11 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-09 09:42 . 2009-10-09 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-09 09:42 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-08 03:06 . 2009-09-08 03:06 -------- d-----w- c:\program files\Logitech

2009-09-08 02:54 . 2009-09-08 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd

2009-08-30 04:44 . 2009-08-30 04:44 -------- d-----w- c:\program files\Ventrilo

2009-08-30 04:44 . 2009-08-30 04:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-19 21:16 . 2009-08-19 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2009-08-06 23:24 . 2006-05-24 21:25 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 23:24 . 2006-05-24 21:25 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 23:24 . 2006-05-24 21:25 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 23:24 . 2006-05-24 21:25 53472 ----a-w- c:\windows\system32\wuauclt.exe

2009-08-06 23:24 . 2004-08-04 04:56 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 23:23 . 2006-05-24 21:25 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 23:23 . 2009-02-27 11:48 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 23:23 . 2009-02-27 11:48 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-06 23:23 . 2006-05-24 21:25 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-06 20:42 . 2006-05-24 21:33 115720 ----a-w- c:\documents and settings\Dean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:01 . 2004-08-04 04:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2008-01-30 09:00 . 2006-06-16 22:11 6449 -c--a-w- c:\program files\hijackthis.log

2005-02-16 15:06 . 2005-02-16 15:06 218112 -c--a-w- c:\program files\HijackThis.exe

2009-07-15 07:28 . 2009-07-15 07:28 1112325 --sha-w- c:\windows\system32\gigazayu.exe

2009-07-13 07:28 . 2009-07-13 07:28 3 --sha-w- c:\windows\system32\vefukufe.dll

2008-08-04 01:56 . 2008-08-04 01:43 544 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"="f:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2009-01-08 1795344]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-11 515416]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-01-11 577536]

c:\documents and settings\Dean\Start Menu\Programs\Startup\

Logitech blank Product Registration.lnk - c:\program files\Logitech\G35\eReg.exe [2008-2-13 493832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\WINDOWS\\system32\\imapi.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\msconfig.exe"=

"c:\\Program Files\\Logitech\\G35\\eReg.exe"=

"c:\\Program Files\\Logitech\\G35\\G35.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=

"c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"=

"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=

"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6112:TCP"= 6112:TCP:Blizzard Downloader 6112

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/11/2009 3:28 AM 64160]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [5/24/2006 5:34 PM 13696]

R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/8/2008 3:12 AM 16768]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 951632]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [9/7/2009 10:53 PM 53392]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [9/7/2009 10:53 PM 334992]

S3 BS_Flash;BS_Flash;\??\c:\program files\Tseries BIOS Update\Award\BS_Flash.sys --> c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-10-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:26]

2009-10-15 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/puccini/start

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\lye4uqsi.default\

FF - prefs.js: browser.startup.homepage - hxxp://home.myspace.com/index.cfm?fuseaction=user&MyToken=cdf9d9df-9b0c-4304-837d-e5483724c6cf

FF - component: c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\lye4uqsi.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

- - - - ORPHANS REMOVED - - - -

BHO-{2db42c15-81ea-4ab2-9d88-8e8fbe542142} - koyubevu.dll

HKLM-Run-rewifepon - c:\windows\system32\wuvoseti.dll

HKLM-Run-86899141 - c:\docume~1\ALLUSE~1\APPLIC~1\86899141\86899141.exe

HKLM-Run-kosonituho - zatajipi.dll

SharedTaskScheduler-{b15eccdf-fe6d-4518-8bb7-39584fed4d7a} - c:\windows\system32\wuvoseti.dll

SSODL-hejavazih-{b15eccdf-fe6d-4518-8bb7-39584fed4d7a} - c:\windows\system32\wuvoseti.dll

AddRemove-Audacity_is1 - c:\program files\Audacity\unins000.exe

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-15 15:16

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(3980)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ZoneLabs\vsmon.exe

c:\program files\CA\eTrust Antivirus\InoRpc.exe

c:\program files\CA\eTrust Antivirus\InoRT.exe

c:\program files\CA\eTrust Antivirus\InoTask.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

c:\windows\system32\msiexec.exe

c:\program files\Common Files\Microsoft Shared\Source Engine\OSE.EXE

.

**************************************************************************

.

Completion time: 2009-10-15 15:31 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-15 19:29

Pre-Run: 9,830,748,160 bytes free

Post-Run: 9,987,215,360 bytes free

Current=12 Default=12 Failed=11 LastKnownGood=14 Sets=1,2,3,4,5,6,7,8,9,10,11,12,13,14

761 --- E O F --- 2009-10-15 19:30


  • Staff

Open NOTEPAD and copy/paste the text in the quotebox below into it:

FOLDER::
c:\documents and settings\All Users\Application Data\86899141
COLLECT::
c:\windows\system32\gigazayu.exe
FILE::
c:\windows\system32\vefukufe.dll
FIXCSET::

Save this as "CFScript"

CFScriptB-4.gif

Referring to the picture above, drag CFScript.txt into ComboFix.exe

When finished, it shall produce a log for you, C:\ComboFix.txt. Post that log in your next reply.

Additionally, ComboFix will generate a zipped file at C:\Qoobox\Quarantine\[4]Submit@Date_Time.zip

Before proceeding to the next step, please submit this file to http://www.bleepingcomputer.com/submit-malware.php?channel=4

---------------

ESET Online Scanner

  • Please go to the following link ESET Online Scanner Link
  • Tick the box YES, I accept the Terms Of Use
  • Click the Start button
  • Now click the Install button
  • Click Start
    The scanner engine will initialise and update
  • Do Not tick the box Remove found threats
  • Click the Scan button
    The scan will now run, please be patient
  • When the scan finishes click the Details tab
  • Copy and paste the contents of the C:\Program Files\EsetOnlineScanner\log.txt back here.

---------------

In your next post, please include fresh logs from:

  1. Online scan
  2. ComboFix's log

Please provide details of any problems you encountered whilst performing the above steps & update us on how the computer behaves now.


I've only encountered one problem and it was the first time I ran combo fix, my screen saver had kicked on and when I moved my mouse to get the screen black it was initially just black... then I got my mouse but that was it. I thought it might be part of combo fix but I let it sit for a long time and nothing happened... I then restarted my computer and re-ran combo fix.

EDIT: It's been about 16 minutes and the ESET Online Scanner is seemingly stuck at 17%, I don't mean to not follow instructions but I want to post the combofix log just in case my computer were to freak out and close my browser. When the ESET Online Scanner is completed I will post the log file immediately.

Also, I'm worried because the ESET Online Scanner said it needs access to the Administrator or what not and even though I only have 1 User Profile on this computer, when I boot up in Safe Mode, it has a separate "Administrator" log-in which I'm not sure I have the password for. I'm sure I'll find out sooner or later, ESET Online Scanner Log File coming soon.

ComboFix 09-10-15.01 - Dean 10/15/2009 15:52.3.2 - NTFSx86

Microsoft Windows XP Professional 5.1.2600.3.1252.1.1033.18.2046.1480 [GMT -4:00]

Running from: c:\documents and settings\Dean\My Documents\Downloads\ComboFix.exe

Command switches used :: c:\documents and settings\Dean\My Documents\CFScript.txt

FW: ZoneAlarm Firewall *enabled* {829BDA32-94B3-44F4-8446-F8FCFF809F8B}

FILE ::

"c:\windows\system32\vefukufe.dll"

file zipped: c:\windows\system32\gigazayu.exe

.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))

.

c:\documents and settings\All Users\Application Data\86899141

c:\windows\Installer\1f52ad.msp

c:\windows\Installer\1f52b2.msp

c:\windows\Installer\1f52b7.msp

c:\windows\Installer\73798.msp

c:\windows\Installer\7379d.msp

c:\windows\Installer\737a2.msp

c:\windows\Installer\737a7.msp

c:\windows\Installer\737ac.msp

c:\windows\Installer\737b1.msp

c:\windows\Installer\737b6.msp

c:\windows\system32\gigazayu.exe

c:\windows\system32\vefukufe.dll

.

((((((((((((((((((((((((( Files Created from 2009-09-15 to 2009-10-15 )))))))))))))))))))))))))))))))

.

2009-10-09 18:43 . 2009-10-09 18:43 -------- d-----w- c:\documents and settings\Dean\Application Data\Malwarebytes

2009-10-09 09:42 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys

2009-10-09 09:42 . 2009-10-11 09:38 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware

2009-10-09 09:42 . 2009-10-09 09:42 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes

2009-10-09 09:42 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.

(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))

.

2009-09-11 14:18 . 2004-08-04 04:56 136192 ----a-w- c:\windows\system32\msv1_0.dll

2009-09-08 03:06 . 2009-09-08 03:06 -------- d-----w- c:\program files\Logitech

2009-09-08 02:54 . 2009-09-08 02:54 -------- d-----w- c:\documents and settings\All Users\Application Data\LogiShrd

2009-08-30 04:44 . 2009-08-30 04:44 -------- d-----w- c:\program files\Ventrilo

2009-08-30 04:44 . 2009-08-30 04:44 -------- d-----w- c:\program files\Common Files\Wise Installation Wizard

2009-08-19 21:16 . 2009-08-19 21:15 -------- d-----w- c:\documents and settings\All Users\Application Data\Blizzard Entertainment

2009-08-06 23:24 . 2006-05-24 21:25 327896 ----a-w- c:\windows\system32\wucltui.dll

2009-08-06 23:24 . 2006-05-24 21:25 209632 ----a-w- c:\windows\system32\wuweb.dll

2009-08-06 23:24 . 2006-05-24 21:25 35552 ----a-w- c:\windows\system32\wups.dll

2009-08-06 23:24 . 2005-05-26 08:16 44768 ----a-w- c:\windows\system32\wups2.dll

2009-08-06 23:24 . 2006-05-24 21:25 53472 ------w- c:\windows\system32\wuauclt.exe

2009-08-06 23:24 . 2004-08-04 04:56 96480 ----a-w- c:\windows\system32\cdm.dll

2009-08-06 23:23 . 2006-05-24 21:25 575704 ----a-w- c:\windows\system32\wuapi.dll

2009-08-06 23:23 . 2009-02-27 11:48 274288 ----a-w- c:\windows\system32\mucltui.dll

2009-08-06 23:23 . 2009-02-27 11:48 215920 ----a-w- c:\windows\system32\muweb.dll

2009-08-06 23:23 . 2006-05-24 21:25 1929952 ----a-w- c:\windows\system32\wuaueng.dll

2009-08-06 20:42 . 2006-05-24 21:33 115720 ----a-w- c:\documents and settings\Dean\Local Settings\Application Data\GDIPFONTCACHEV1.DAT

2009-08-05 09:01 . 2004-08-04 04:56 204800 ----a-w- c:\windows\system32\mswebdvd.dll

2009-08-04 15:13 . 2004-08-04 03:20 2145280 ------w- c:\windows\system32\ntoskrnl.exe

2009-08-04 14:20 . 2004-08-03 22:59 2023936 ------w- c:\windows\system32\ntkrnlpa.exe

2009-08-03 19:07 . 2009-08-03 19:07 403816 ----a-w- c:\windows\system32\OGACheckControl.dll

2009-08-03 19:07 . 2009-08-03 19:07 322928 ----a-w- c:\windows\system32\OGAAddin.dll

2009-08-03 19:07 . 2009-08-03 19:07 230768 ----a-w- c:\windows\system32\OGAEXEC.exe

2008-01-30 09:00 . 2006-06-16 22:11 6449 -c--a-w- c:\program files\hijackthis.log

2005-02-16 15:06 . 2005-02-16 15:06 218112 -c--a-w- c:\program files\HijackThis.exe

2008-08-04 01:56 . 2008-08-04 01:43 544 -csha-w- c:\windows\system32\drivers\fidbox2.dat

.

((((((((((((((((((((((((((((( SnapShot@2009-10-15_19.16.47 )))))))))))))))))))))))))))))))))))))))))

.

+ 2008-12-11 07:03 . 2009-05-26 11:40 17272 c:\windows\system32\spmsg.dll

+ 2009-10-09 07:01 . 2009-10-15 19:51 22192 c:\windows\SoftwareDistribution\EventCache\{B6BA84AD-47BB-4BBB-9FBC-F3B200DB3A20}.bin

- 2009-06-25 08:25 . 2009-06-25 08:25 136192 c:\windows\system32\dllcache\msv1_0.dll

+ 2009-06-25 08:25 . 2009-09-11 14:18 136192 c:\windows\system32\dllcache\msv1_0.dll

+ 2008-10-15 18:33 . 2009-08-05 00:44 2189184 c:\windows\system32\dllcache\ntoskrnl.exe

+ 2004-08-03 22:59 . 2009-08-04 14:20 2023936 c:\windows\system32\dllcache\ntkrpamp.exe

- 2004-08-03 22:59 . 2009-02-06 10:32 2023936 c:\windows\system32\dllcache\ntkrpamp.exe

+ 2008-10-15 18:33 . 2009-08-04 14:20 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2008-10-15 18:33 . 2009-02-07 23:02 2066048 c:\windows\system32\dllcache\ntkrnlpa.exe

- 2004-08-04 03:20 . 2009-02-06 11:06 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2004-08-04 03:20 . 2009-08-04 15:13 2145280 c:\windows\system32\dllcache\ntkrnlmp.exe

+ 2008-10-15 18:33 . 2009-08-05 00:44 2189184 c:\windows\Driver Cache\i386\ntoskrnl.exe

+ 2008-10-15 18:33 . 2009-08-04 14:20 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2008-10-15 18:33 . 2009-02-06 10:32 2023936 c:\windows\Driver Cache\i386\ntkrpamp.exe

- 2008-10-15 18:33 . 2009-02-07 23:02 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe

+ 2008-10-15 18:33 . 2009-08-04 14:20 2066048 c:\windows\Driver Cache\i386\ntkrnlpa.exe

- 2008-10-15 18:33 . 2009-02-06 11:06 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe

+ 2008-10-15 18:33 . 2009-08-04 15:13 2145280 c:\windows\Driver Cache\i386\ntkrnlmp.exe

.

((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))

.

.

*Note* empty entries & legit default entries are not shown

REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2009-02-06 3885408]

"WMPNSCFG"="c:\program files\Windows Media Player\WMPNSCFG.exe" [2006-10-19 204288]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]

"Malwarebytes Anti-Malware (reboot)"="f:\malwarebytes' anti-malware\mbam.exe" [2009-09-10 1312080]

"ZoneAlarm Client"="c:\program files\Zone Labs\ZoneAlarm\zlclient.exe" [2008-11-13 981904]

"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_07\bin\jusched.exe" [2008-06-10 144784]

"StartCCC"="c:\program files\ATI Technologies\ATI.ACE\Core-Static\CLIStart.exe" [2008-08-01 61440]

"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]

"Logitech G35"="c:\program files\Logitech\G35\G35.exe" [2009-01-08 1795344]

"Ad-Watch"="c:\program files\Lavasoft\Ad-Aware\AAWTray.exe" [2009-03-11 515416]

"SoundMan"="SOUNDMAN.EXE" - c:\windows\soundman.exe [2006-01-11 577536]

c:\documents and settings\Dean\Start Menu\Programs\Startup\

Logitech blank Product Registration.lnk - c:\program files\Logitech\G35\eReg.exe [2008-2-13 493832]

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]

@="Service"

[HKEY_LOCAL_MACHINE\software\microsoft\security center]

"AntiVirusOverride"=dword:00000001

"FirewallOverride"=dword:00000001

[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\ZoneLabsFirewall]

"DisableMonitoring"=dword:00000001

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]

"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]

"%windir%\\system32\\sessmgr.exe"=

"c:\\StubInstaller.exe"=

"c:\\Program Files\\CA\\eTrust Antivirus\\InocIT.exe"=

"c:\\Program Files\\Windows Media Player\\wmplayer.exe"=

"c:\\Program Files\\iTunes\\iTunes.exe"=

"c:\\WINDOWS\\system32\\spoolsv.exe"=

"c:\\Program Files\\CA\\eTrust Antivirus\\Shellscn.exe"=

"c:\\WINDOWS\\system32\\dpvsetup.exe"=

"c:\\Program Files\\AIM\\aim.exe"=

"c:\\Program Files\\CA\\eTrust Antivirus\\Realmon.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqtra08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqste08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpofxm08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposfx08.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hposid01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqCopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpfccopy.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpzwiz01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqPhUnl.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\Unload\\HpqDIA.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpoews01.exe"=

"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqnrs08.exe"=

"c:\\Program Files\\DNA\\btdna.exe"=

"c:\\Program Files\\Mozilla Firefox\\firefox.exe"=

"c:\\Program Files\\Messenger\\msmsgs.exe"=

"c:\\Documents and Settings\\All Users\\Application Data\\NexonUS\\NGM\\NGM.exe"=

"%windir%\\Network Diagnostic\\xpnetdiag.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\wlcsdk.exe"=

"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=

"c:\\Program Files\\Ventrilo\\Ventrilo.exe"=

"c:\\WINDOWS\\system32\\ZoneLabs\\vsmon.exe"=

"c:\\WINDOWS\\system32\\imapi.exe"=

"c:\\WINDOWS\\pchealth\\helpctr\\binaries\\msconfig.exe"=

"c:\\Program Files\\Logitech\\G35\\eReg.exe"=

"c:\\Program Files\\Logitech\\G35\\G35.exe"=

"c:\\Program Files\\ATI Technologies\\ATI.ACE\\Core-Static\\CLIStart.exe"=

"c:\\Program Files\\Windows Media Player\\wmpnscfg.exe"=

"c:\\Program Files\\Lavasoft\\Ad-Aware\\AAWTray.exe"=

"c:\\Program Files\\Zone Labs\\ZoneAlarm\\zlclient.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]

"3724:TCP"= 3724:TCP:Blizzard Downloader: 3724

"6112:TCP"= 6112:TCP:Blizzard Downloader 6112

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [3/11/2009 3:28 AM 64160]

R1 BIOS;BIOS;c:\windows\system32\drivers\BIOS.sys [5/24/2006 5:34 PM 13696]

R1 BS_I2cIo;BS_I2cIo;c:\windows\system32\drivers\BS_I2cIo.sys [7/8/2008 3:12 AM 16768]

R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [1/18/2009 5:34 PM 951632]

R3 LADF_DHP2;G35 DHP2 Filter Driver;c:\windows\system32\drivers\ladfDHP2i386.sys [9/7/2009 10:53 PM 53392]

R3 LADF_SBVM;G35 SBVM Filter Driver;c:\windows\system32\drivers\ladfSBVMi386.sys [9/7/2009 10:53 PM 334992]

S3 BS_Flash;BS_Flash;\??\c:\program files\Tseries BIOS Update\Award\BS_Flash.sys --> c:\program files\Tseries BIOS Update\Award\BS_Flash.sys [?]

.

Contents of the 'Scheduled Tasks' folder

2009-10-14 c:\windows\Tasks\Ad-Aware Update (Weekly).job

- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-01-18 07:26]

2009-10-15 c:\windows\Tasks\OGALogon.job

- c:\windows\system32\OGAEXEC.exe [2009-08-03 19:07]

.

.

------- Supplementary Scan -------

.

uStart Page = hxxp://www.aol.com/puccini/start

uInternet Connection Wizard,ShellNext = iexplore

IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\OFFICE11\EXCEL.EXE/3000

FF - ProfilePath - c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\lye4uqsi.default\

FF - prefs.js: browser.startup.homepage - hxxp://home.myspace.com/index.cfm?fuseaction=user&MyToken=cdf9d9df-9b0c-4304-837d-e5483724c6cf

FF - component: c:\documents and settings\Dean\Application Data\Mozilla\Firefox\Profiles\lye4uqsi.default\extensions\{6AC85730-7D0F-4de0-B3FA-21142DD85326}\platform\WINNT\components\ColorZilla.dll

FF - plugin: c:\documents and settings\All Users\Application Data\NexonUS\NGM\npNxGameUS.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npCID.dll

FF - plugin: c:\program files\Mozilla Firefox\plugins\npunagi2.dll

FF - HiddenExtension: Microsoft .NET Framework Assistant: {20a82645-c095-46ed-80e3-08825760534b} - c:\windows\Microsoft.NET\Framework\v3.5\Windows Presentation Foundation\DotNetAssistantExtension\

.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net

Rootkit scan 2009-10-15 16:04

Windows 5.1.2600 Service Pack 3 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully

hidden files: 0

**************************************************************************

.

--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(636)

c:\windows\system32\Ati2evxx.dll

- - - - - - - > 'explorer.exe'(340)

c:\windows\system32\WPDShServiceObj.dll

c:\windows\system32\PortableDeviceTypes.dll

c:\windows\system32\PortableDeviceApi.dll

.

------------------------ Other Running Processes ------------------------

.

c:\windows\system32\ati2evxx.exe

c:\windows\system32\ZoneLabs\vsmon.exe

c:\windows\system32\ati2evxx.exe

c:\program files\CA\eTrust Antivirus\InoRpc.exe

c:\program files\CA\eTrust Antivirus\InoRT.exe

c:\program files\CA\eTrust Antivirus\InoTask.exe

c:\program files\Common Files\Microsoft Shared\VS7DEBUG\MDM.EXE

c:\windows\system32\HPZipm12.exe

c:\windows\system32\wbem\unsecapp.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\MOM.exe

c:\program files\Windows Live\Contacts\wlcomm.exe

c:\program files\ATI Technologies\ATI.ACE\Core-Static\CCC.exe

.

**************************************************************************

.

Completion time: 2009-10-15 16:15 - machine was rebooted

ComboFix-quarantined-files.txt 2009-10-15 20:15

ComboFix2.txt 2009-10-15 19:31

Pre-Run: 9,885,761,536 bytes free

Post-Run: 9,844,776,960 bytes free

225 --- E O F --- 2009-10-15 19:49


  • Staff
It's been about 16 minutes and the ESET Online Scanner is seemingly stuck at 17%,

Disable ZoneAlarm + Adaware while you're scanning. Both are real time scanners. For every file that NOD32 looks at, they both want a peek. So, you end up having to scan a file 3 times. Not only do they do that, they sometimes fight for the right to access the file.


Disable ZoneAlarm + Adaware while you're scanning. Both are real time scanners. For every file that NOD32 looks at, they both want a peek. So, you end up having to scan a file 3 times. Not only do they do that, they sometimes fight for the right to access the file.

I'm kind of scared to disable Zone Alarm as last time I did so I got the "Security Tool" virus, haha but I trust your judgment.


ComboFix did the trick, for me, re-fixing the "not a valid Windows image" popups.

Tip: After downloading ComboFix, reboot in Safe Mode, *with* Networking.

Safe mode turned off my AVG anti-virus that I couldn't kill otherwise.

And Networking permits ComboFix to download and install the MS Recovery Console, if it is not already installed, so it can do the most thorough job.


C:\Documents and Settings\Dean\My Documents\My Downloads\setup.exe Win32/TrojanDownloader.Zlob.ARF trojan

C:\Documents and Settings\Dean\Shared\01 Track 1.wma WMA/TrojanDownloader.Wimad.K trojan

C:\Documents and Settings\Dean\Shared\05 Track 5.wma probably a variant of Win32/Agent trojan

C:\Qoobox\Quarantine\C\Documents and Settings\All Users\Application Data\86899141\86899141.exe.vir a variant of Win32/Kryptik.AVG trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP2\A0001115.dll a variant of Win32/Adware.SuperJuan.F application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP2\A0001116.dll a variant of Win32/Adware.SuperJuan.F application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP2\A0001117.dll a variant of Win32/Adware.SuperJuan.F application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP4\A0001356.dll a variant of Win32/Adware.SuperJuan.F application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP4\A0001402.exe a variant of Win32/Kryptik.AVG trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP4\A0001403.exe a variant of Win32/Kryptik.AVG trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP4\A0001407.dll a variant of Win32/Adware.Virtumonde.NFT application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002503.dll a variant of Win32/KillAV.NFZ trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002505.dll a variant of Win32/AntiAV.NCZ trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002506.dll a variant of Win32/Adware.SuperJuan.F application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002507.dll a variant of Win32/Adware.SuperJuan.F application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002508.dll a variant of Win32/AntiAV.NCZ trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002509.dll a variant of Win32/Adware.SuperJuan.H application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002512.dll a variant of Win32/AntiAV.NCZ trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002513.dll Win32/KillAV.NFO trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002514.dll a variant of Win32/AntiAV.NCZ trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002515.dll a variant of Win32/Adware.SuperJuan.H application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002516.dll a variant of Win32/Adware.SuperJuan.H application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002521.dll a variant of Win32/Adware.Virtumonde.NFT application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002523.dll a variant of Win32/Adware.SuperJuan.H application

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002524.dll a variant of Win32/AntiAV.NCZ trojan

C:\System Volume Information\_restore{E8C6BB6E-A273-4FD0-A05A-2AEA35E35AAD}\RP5\A0002525.dll a variant of Win32/AntiAV.NCZ trojan


  • Staff

Open NOTEPAD.exe and copy/paste the text in the quotebox below into it:

@echo off
if exist "%temp%\log.txt" del "%temp%\log.txt"

for %%g in (
"C:\Documents and Settings\Dean\My Documents\My Downloads\setup.exe"
"C:\Documents and Settings\Dean\Shared\01 Track 1.wma"
"C:\Documents and Settings\Dean\Shared\05 Track 5.wma"
) do (
del /a/f/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
for %%g in (
"%systemdrive%\VundoFix Backups"
%systemdrive%\Qoobox
) do (
rd /s/q %%g >nul 2>&1
if exist %%g echo.%%~g>>"%temp%\log.txt"
)
if exist "%temp%\log.txt" ( start notepad "%temp%\log.txt"
) else echo.Deleted Successfully !!
pause
del %0

Save this as fix.bat. Choose to "Save type as - All Files"

It should look like this: bat_icon.gif

Double click on fix.bat & allow it to run

Post back to tell me what it says


  • Staff

Of the stuff found,

C:\QooBox is ComboFix's quarantine folder. We'll take care of it when we uninstall ComboFix

C:\System Volume Information\ is where System Restore's cache is stored. Whatever is in there can't harm you unless you choose to perform a manual restore. Nevertheless, we shall be resetting/clearing the cache in a little while

----------------------

Now that your system is clean, kindly follow these simple steps in order to keep your computer clean and secure:

  1. Uninstall ComboFix ... do not skip this step
    This process will perform some post cleanup measures.
    Do this by going to Start > Run & typing in ComboFix /U
  2. ANTIVIRUS SOFTWARE
    It is imperative that you update your Antivirus software at least once a week (Even more if you wish). If you do not update your antivirus software then it will not be able to catch any of the new variants that may come out.
  3. Microsoft Windows Update - http://www.windowsupdate.com
    Visit regularly. This will ensure your computer always has the latest security updates. If there are new updates to install, install them immediately, reboot your computer, and revisit the site until there are no more critical updates.
  4. http://www.mozilla.org/products/firefox/ - Firefox - Use this alternate browser. Whilst Internet Explorer is not a bad browser, almost every exploit crafted is targeted to take advantage of an IE weakness.
  5. http://java.com/en/index.jsp - Sun's Java - It's much more secure than Microsoft's Java Virtual Machine.
  6. http://www.aumha.org/downloads/erunt-setup.exe - ERUNT - A useful freeware utility for users of Windows 2000/XP. It's made up of two parts - ERUNT & NTREGOPT.
    ERUNT will create daily complete backups of your computer's Registry. Whilst System Restore does the same thing, a corrupt registry file may prevent Windows from booting & this effectively disables System Restore. With ERUNT, you're able to restore the damaged Registry.
    NTREGOPT works by recreating each registry hive "from scratch", thus removing any slack space that may be left from previously modified or deleted keys. In other words, it compacts the Registry to a small size which allows Windows to load & perform faster.

To find out more information about how you got infected in the first place and some great guidelines to follow to prevent future infections you can read this article by Tony Klein - http://www.spywareinfoforum.com/index.php?showtopic=60955

After doing all these, your system will be optimised against future threats.

.

Have a safe & happy computing day.

Kindly respond to this thread once more so we can mark this thread as resolved.


This topic is now closed to further replies.