11-26-2006, 10:45 AM   #21
tetonbob
Manager, Security Center, TSF Academy; Analyst, Security Team
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home

Please download the Suspicious File Packer http://www.safer-networking.org/files/sfp.zip

Unzip it to the desktop and run it.
Paste the following list of files into the Suspicious File Packer window:
C:\sUBs\Cfiles.txt
C:\sUBs\Cfolders.txt
C:\sUBs\d-delA
C:\sUBs\d-delB
C:\sUBs\d-delAA
C:\sUBs\d-delBB
C:\sUBs\d-del2A
C:\sUBs\d-del2B
C:\sUBs\srvhost2.txt
C:\sUBs\srvhost.txt
C:\sUBs\drev
Allow SFP to pack the files. This will generate a CAB archive on your desktop.
Please submit it to this site http://www.bleepingcomputer.com/subm....php?channel=4
Please include a link to this topic in the message.
__________________
Practice Safe Surfing
Because what you don't know, CAN hurt you.
Proud Member of ASAP since 2005
Proud Member of UNITE since 2006


Please do not ask for help via Private Message.

11-26-2006, 11:01 AM   #22
tetonbob


Once you've performed the last instructions, please do this:

Delete C:\sUBs


* IMPORTANT !!! Be sure ComboFix is on your Desktop.


Go to Start -> Run and then paste in this single line command & click OK
"%userprofile%\desktop\combofix.exe" /v winwea32 ssqpp cmhditn vorenbj uxliwckt
Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log.

If you have any questions, feel free to ask.

11-26-2006, 12:37 PM   #23
bigbhoy77
Registered User
Join Date: Aug 2006
Posts: 32
OS: XP home edition

Tetonbob, I have run ComboFix 5 times now, and every time it starts to show its findings the box disappears and leaves my desktop blank.

How and where do I find the log for this?

11-26-2006, 01:03 PM   #24
tetonbob


Ok, let's take a step back, please....

First, is your desktop blank now? If so, run ComboFix once again, only this time enter N instead of Y at the first prompt.

Let me know where you stand.

11-26-2006, 01:15 PM   #25
bigbhoy77
Registered User

Quote:
Originally Posted by tetonbob
Ok, let's take a step back, please....

First, is your desktop blank now? If so, run ComboFix once again, only this time enter N instead of Y at the first prompt.

Let me know where you stand.

Desktop is back to normal now. I have to switch the computer off and restart to get it back to normal.

11-26-2006, 01:18 PM   #26
tetonbob


OK, you shouldn't have to do it that way....but as long as it's stable we can proceed with the cleansing.

Don't fret, as I have many options available.

Please search for and Delete C:\sUBs if it exists.

Please delete your current version of combofix.

Next, please do this:


Download this file from one of these locations:

http://download.bleepingcomputer.com/sUBs/combofix.exe

http://www.techsupportforum.com/sectools/combofix.exe


* IMPORTANT !!! Place it on your Desktop.


Go to Start -> Run and then paste in this single line command & click OK
"%userprofile%\desktop\combofix.exe" /v winwea32 ssqpp cmhditn vorenbj uxliwckt
When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log.

Note:
Do not mouseclick ComboFix's window whilst it's running. That may cause it to stall.

11-26-2006, 01:43 PM   #27
bigbhoy77
Registered User


Got it now

David - 06-11-26 20:33:35.98 Service Pack 2
ComboFix 06.11.26 - Running from: "C:\Documents and Settings\David\Desktop"

((((((((((((((((((((((((((((((( Files Created from 2006-10-26 to 2006-11-26 ))))))))))))))))))))))))))))))))))


2006-11-26 15:07 756,893 ---hs---- C:\WINDOWS\system32\ppqss.ini2
2006-11-26 14:06 <DIR> d-------- C:\WINDOWS\system32\ActiveScan
2006-11-26 12:05 53,248 --a------ C:\WINDOWS\system32\Process.exe
2006-11-26 12:05 40,960 --a------ C:\WINDOWS\system32\swsc.exe
2006-11-26 12:05 288,417 --a------ C:\WINDOWS\system32\SrchSTS.exe
2006-11-26 12:05 135,168 --a------ C:\WINDOWS\system32\swreg.exe
2006-11-26 12:05 1,096 --a------ C:\WINDOWS\system32\tmp.reg
2006-11-26 12:03 756,885 ---hs---- C:\WINDOWS\system32\ppqss.bak2
2006-11-26 11:01 <DIR> d-------- C:\Program Files\CleanUp!
2006-11-25 13:23 756,142 ---hs---- C:\WINDOWS\system32\ppqss.bak1
2006-11-25 13:23 38,420 --a------ C:\WINDOWS\system32\uxliwckt.dll
2006-11-25 13:22 708,660 ---hs---- C:\WINDOWS\system32\ssqpp.dll
2006-11-25 13:17 71,168 --a------ C:\WINDOWS\system32\drvloz.dll
2006-11-25 13:17 40,973 ---hs---- C:\WINDOWS\system32\wvusqqr.dll
2006-11-25 00:56 <DIR> d-------- C:\WINDOWS\WBEM
2006-11-25 00:56 <DIR> d-------- C:\WINDOWS\system32\en-US
2006-11-25 00:55 <DIR> d--h-c--- C:\WINDOWS\ie7
2006-11-25 00:53 121,856 --------- C:\WINDOWS\system32\xmllite.dll
2006-11-25 00:52 <DIR> d-------- C:\WINDOWS\network diagnostic
2006-11-24 18:08 <DIR> d-------- C:\highjackthis
2006-11-24 16:04 <DIR> d-------- C:\Program Files\Trend Micro
2006-11-23 22:34 3,968 --a------ C:\WINDOWS\system32\drivers\AvgAsCln.sys
2006-11-23 21:53 51,072 --a------ C:\WINDOWS\system32\drivers\ikhlayer.sys
2006-11-23 21:53 30,592 --a------ C:\WINDOWS\system32\drivers\ikhfile.sys
2006-11-23 21:53 <DIR> d-------- C:\Program Files\Spyware Doctor
2006-11-23 21:53 <DIR> d-------- C:\Documents and Settings\David\Application Data\PC Tools
2006-11-23 19:37 93,696 --a------ C:\WINDOWS\system32\vvdkkpe.dll
2006-11-23 19:37 71,680 --a------ C:\WINDOWS\system32\vorenbj.dll
2006-11-23 19:36 17,408 --a------ C:\WINDOWS\system32\winwea32.dll
2006-11-22 09:52 2,560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-20 19:07 <DIR> d-------- C:\Program Files\XP Repair Pro
2006-11-20 00:38 <DIR> d-------- C:\Program Files\MSXML 4.0
2006-11-20 00:38 <DIR> d-------- C:\5fa6a0c440ee954334c91b93cfffadf5
2006-11-11 19:56 <DIR> d-------- C:\Program Files\DkZ Studio
2006-11-08 17:34 9,060 --a------ C:\WINDOWS\system32\drivers\MUsbFltr.sys
2006-11-08 17:34 8,963 --a------ C:\WINDOWS\system32\drivers\UsbFltr.sys
2006-11-08 17:34 8,448 --a------ C:\WINDOWS\system32\drivers\moufiltr.sys
2006-11-08 17:34 57,344 --------- C:\WINDOWS\system32\HKLock.dll
2006-11-08 17:34 57,344 --------- C:\WINDOWS\HKLock.dll
2006-11-08 17:34 11,776 --a------ C:\WINDOWS\system32\drivers\kbfilter.sys
2006-11-08 17:34 <DIR> d-------- C:\Program Files\Labtec Wireless Desktop
2006-11-08 17:29 12,160 --a------ C:\WINDOWS\system32\drivers\mouhid.sys
2006-11-08 17:28 21,504 --a------ C:\WINDOWS\system32\hidserv.dll
2006-11-08 17:28 14,848 --a------ C:\WINDOWS\system32\drivers\kbdhid.sys
2006-11-07 21:03 6,049,280 --------- C:\WINDOWS\system32\ieframe.dll
2006-11-07 21:03 50,688 --------- C:\WINDOWS\system32\msfeedsbs.dll
2006-11-07 21:03 458,752 --------- C:\WINDOWS\system32\msfeeds.dll
2006-11-07 21:03 180,736 --------- C:\WINDOWS\system32\ieui.dll
2006-11-07 18:33 364,544 --a------ C:\WINDOWS\system32\TwnLib4.dll
2006-11-07 18:33 32,768 --a------ C:\WINDOWS\system32\BCGPOleAcc.dll
2006-11-07 18:33 2,605,056 --a------ C:\WINDOWS\system32\BCGCBPRO800u.dll
2006-11-07 18:33 2,600,960 --a------ C:\WINDOWS\system32\BCGCBPRO800.dll
2006-11-07 18:33 <DIR> d-------- C:\Program Files\Common Files\Ahead
2006-11-07 03:26 13,312 --a------ C:\WINDOWS\system32\ieudinit.exe
2006-11-05 00:18 737,280 --a------ C:\WINDOWS\iun6002.exe
2006-11-04 14:14 1,245,696 --a------ C:\WINDOWS\system32\msxml4.dll
2006-11-04 12:45 9,600 --a------ C:\WINDOWS\system32\drivers\hidusb.sys
2006-11-04 12:45 36,224 --a------ C:\WINDOWS\system32\drivers\hidclass.sys
2006-11-04 12:45 24,960 --a------ C:\WINDOWS\system32\drivers\hidparse.sys
2006-11-04 10:10 <DIR> dr-h----- C:\Documents and Settings\David\Recent
2006-11-02 21:53 98,304 --a------ C:\WINDOWS\system32\CmdLineExt.dll
2006-11-02 18:47 720,896 --a------ C:\WINDOWS\iun6002ev.exe
2006-11-02 18:47 <DIR> d-------- C:\Program Files\Full Speed
2006-11-01 20:01 <DIR> d-------- C:\Program Files\Winamp
2006-10-31 22:37 <DIR> d-------- C:\Program Files\WinAVI Video Converter
2006-10-30 12:13 110,612 --a------ C:\WINDOWS\system32\ejqbbdey.exe
2006-10-30 12:13 <DIR> d-------- C:\Program Files\VSAdd-in
2006-10-30 09:11 652,080 --ahs---- C:\WINDOWS\system32\kjllm.ini2
2006-10-28 16:13 <DIR> d-------- C:\Documents and Settings\David Wales\Application Data\Talkback
2006-10-28 16:13 <DIR> d-------- C:\Documents and Settings\David Wales\Application Data\Mozilla
2006-10-28 16:12 <DIR> d-------- C:\Program Files\Mozilla Firefox
2006-10-28 13:46 <DIR> d-------- C:\Program Files\Gogglebox TV


(((((((((((((((((((((((((((((((((((((((((((((((( Find3M Report )))))))))))))))))))))))))))))))))))))))))))))))))))))


2006-11-26 20:30 -------- d-------- C:\Program Files\Common Files
2006-11-26 17:58 -------- d-------- C:\Program Files\WinRAR
2006-11-26 16:19 -------- d-------- C:\Program Files\MSN Messenger
2006-11-26 14:59 -------- d-------- C:\Program Files\Windows Media Player
2006-11-26 14:57 -------- d-------- C:\Program Files\Spybot - Search & Destroy
2006-11-26 14:50 -------- d-------- C:\Program Files\Messenger
2006-11-26 14:50 -------- d-------- C:\Program Files\Lexmark X1100 Series
2006-11-26 14:42 -------- d-------- C:\Program Files\Internet Explorer
2006-11-26 14:41 -------- d-------- C:\Program Files\Google
2006-11-26 14:39 -------- d-------- C:\Program Files\Common Files\AOL
2006-11-26 14:35 -------- d-------- C:\Program Files\AOL 9.0
2006-11-26 13:56 -------- d---s---- C:\Documents and Settings\David\Application Data\Microsoft
2006-11-24 16:00 -------- d-------- C:\Documents and Settings\David\Application Data\uTorrent
2006-11-23 22:34 -------- d-------- C:\Program Files\Grisoft
2006-11-23 21:42 -------- d-------- C:\Program Files\VSToolbar
2006-11-23 21:00 -------- d-------- C:\Program Files\XoftSpy
2006-11-22 09:53 -------- d-------- C:\Program Files\VoyagerTest
2006-11-22 09:52 2560 --a------ C:\WINDOWS\_MSRSTRT.EXE
2006-11-22 09:51 -------- d-------- C:\Program Files\BT Voyager 105 ADSL Modem
2006-11-21 23:27 -------- d-------- C:\Documents and Settings\David\Application Data\AdobeUM
2006-11-14 20:52 -------- d-------- C:\Program Files\XBCD
2006-11-11 19:56 -------- d-------- C:\Program Files\Common Files\Microsoft Shared
2006-11-08 17:34 -------- d--h----- C:\Program Files\InstallShield Installation Information
2006-11-07 21:03 413696 --a------ C:\WINDOWS\system32\vbscript.dll
2006-11-07 21:03 231424 --a------ C:\WINDOWS\system32\webcheck.dll
2006-11-07 21:03 156160 --a------ C:\WINDOWS\system32\msls31.dll
2006-11-07 19:08 -------- d-------- C:\Program Files\KONAMI
2006-11-07 18:33 -------- d-------- C:\Program Files\Nero
2006-11-07 03:27 382976 --a------ C:\WINDOWS\system32\iedkcs32.dll
2006-11-07 03:27 229376 --a------ C:\WINDOWS\system32\ieaksie.dll
2006-11-07 03:26 71680 --a------ C:\WINDOWS\system32\admparse.dll
2006-11-07 03:26 55296 --a------ C:\WINDOWS\system32\iesetup.dll
2006-11-07 03:26 54784 --a------ C:\WINDOWS\system32\ie4uinit.exe
2006-11-07 03:26 43008 --a------ C:\WINDOWS\system32\iernonce.dll
2006-11-07 03:26 152064 --a------ C:\WINDOWS\system32\ieakeng.dll
2006-11-07 03:26 123904 --a------ C:\WINDOWS\system32\advpack.dll
2006-11-07 03:25 161792 --a------ C:\WINDOWS\system32\ieakui.dll
2006-11-05 14:28 359808 --a------ C:\WINDOWS\system32\drivers\TCPIP.SYS
2006-11-05 14:28 -------- d-------- C:\Program Files\PPLive
2006-11-04 10:01 -------- d-------- C:\Program Files\Skills For Success
2006-10-30 20:59 649396 --ahs---- C:\WINDOWS\system32\kjllm.bak2
2006-10-27 23:08 -------- d-------- C:\Documents and Settings\David Wales\Application Data\ppStream
2006-10-24 21:27 -------- d-------- C:\Program Files\Evidence Eliminator
2006-10-21 22:00 -------- d-------- C:\Program Files\PPMate
2006-10-21 10:42 -------- d-------- C:\Program Files\Common Files\SWF Studio
2006-10-21 10:41 -------- d-------- C:\Program Files\Riva
2006-10-19 21:48 -------- d-------- C:\Program Files\dvdSanta
2006-10-19 21:26 -------- d-------- C:\Program Files\Magic Burning Studio
2006-10-19 19:44 -------- d-------- C:\Documents and Settings\David\Application Data\SearchToolbarCorp
2006-10-17 12:06 78336 --a------ C:\WINDOWS\system32\ieencode.dll
2006-10-17 12:05 40960 --a------ C:\WINDOWS\system32\licmgr10.dll
2006-10-17 12:05 206336 --------- C:\WINDOWS\system32\WinFXDocObj.exe
2006-10-17 12:05 105984 --a------ C:\WINDOWS\system32\url.dll
2006-10-17 12:04 101376 --a------ C:\WINDOWS\system32\occache.dll
2006-10-17 12:03 17408 --a------ C:\WINDOWS\system32\corpol.dll
2006-10-17 11:58 61952 --------- C:\WINDOWS\system32\icardie.dll
2006-10-17 11:58 12288 --------- C:\WINDOWS\system32\msfeedssync.exe
2006-10-17 11:57 36352 --a------ C:\WINDOWS\system32\imgutil.dll
2006-10-17 11:57 266752 --------- C:\WINDOWS\system32\iertutil.dll
2006-10-17 11:56 45568 --a------ C:\WINDOWS\system32\mshta.exe
2006-10-17 11:28 48128 --a------ C:\WINDOWS\system32\mshtmler.dll
2006-10-17 11:27 380928 --------- C:\WINDOWS\system32\ieapfltr.dll
2006-10-16 16:51 -------- d-------- C:\Program Files\McAfee.com
2006-10-16 16:50 -------- d-------- C:\Program Files\McAfee
2006-10-15 21:05 -------- d-------- C:\Program Files\Common Files\McAfee
2006-10-15 20:59 -------- d-------- C:\Documents and Settings\David\Application Data\Lavasoft
2006-10-14 12:51 -------- d-------- C:\Program Files\uTorrent
2006-10-13 12:35 142336 --a------ C:\WINDOWS\system32\nwprovau.dll
2006-10-12 19:30 -------- d-------- C:\Program Files\Alwil Software
2006-10-11 18:11 682481 --a------ C:\WINDOWS\system32\pmkjg.dll
2006-10-11 18:04 94208 --a------ C:\WINDOWS\system32\bqekkkf.dll
2006-10-11 18:04 72704 --a------ C:\WINDOWS\system32\cmhditn.dll
2006-10-10 20:31 -------- d-------- C:\Program Files\WinAVIVideoConverter
2006-10-10 18:12 -------- d-------- C:\Program Files\Cucusoft
2006-10-10 16:56 -------- d-------- C:\Program Files\SpywareBlaster
2006-10-10 16:55 -------- d-------- C:\Program Files\KONAMI(2)
2006-10-10 16:55 -------- d-------- C:\Program Files\Eusing Free Registry Cleaner
2006-10-10 16:55 -------- d-------- C:\Program Files\directx
2006-10-10 16:55 -------- d-------- C:\Program Files\BitLord
2006-10-10 16:54 -------- d-------- C:\Program Files\DivX
2006-10-09 18:37 -------- d-------- C:\Documents and Settings\David\Application Data\Ahead
2006-10-08 18:45 -------- d-------- C:\Documents and Settings\David\Application Data\LimeWire
2006-10-06 17:24 -------- d-------- C:\Program Files\Alcohol Soft
2006-10-04 22:10 -------- d-------- C:\Program Files\Xilisoft
2006-10-01 08:16 778656 --a------ C:\WINDOWS\system32\drivers\avg7core.sys
2006-09-28 18:29 -------- d-------- C:\Program Files\Common Files\NSV
2006-09-27 17:19 -------- d-------- C:\Program Files\TVU Player
2006-09-27 16:02 -------- d-------- C:\Documents and Settings\David\Application Data\Nokia Multimedia Player
2006-09-27 15:52 -------- d-------- C:\Documents and Settings\David\Application Data\vlc
2006-09-27 15:51 -------- d-------- C:\Program Files\VideoLAN
2006-09-26 17:03 -------- d-------- C:\Program Files\tvants
2006-09-26 17:02 -------- d-------- C:\Program Files\SatelliteTVforPC
2006-09-25 20:37 9654 --a------ C:\Documents and Settings\David\Application Data\NMM-MetaData.db
2006-09-13 05:01 1084416 --a------ C:\WINDOWS\system32\msxml3.dll
2006-09-06 16:43 22752 --a------ C:\WINDOWS\system32\spupdsvc.exe
2006-08-30 22:25 34308 --a------ C:\WINDOWS\system32\Chip.dll
2006-08-30 22:24 53760 --a------ C:\WINDOWS\system32\Squeeze.dll


(((((((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))

*Note* empty entries are not shown

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\run]
"ctfmon.exe"="C:\\WINDOWS\\system32\\ctfmon.exe"
"MSMSGS"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\run]
"NvCplDaemon"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvCpl.dll,NvStartup"
"CHotkey"="zHotkey.exe"
"AOLDialer"="C:\\Program Files\\Common Files\\AOL\\ACS\\AOLDial.exe"
"NvMediaCenter"="RUNDLL32.EXE C:\\WINDOWS\\system32\\NvMcTray.dll,NvTaskbarInit"
"nwiz"="nwiz.exe /install"
"AVG7_CC"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgcc.exe /STARTUP"
"!AVG Anti-Spyware"="\"C:\\Program Files\\Grisoft\\AVG Anti-Spyware 7.5\\avgas.exe\" /minimized"
"SunKistEM"="C:\\Program Files\\Digital Media Reader\\shwiconem.exe"

[HKEY_CURRENT_USER\software\microsoft\internet explorer\desktop\components]
"DeskHtmlVersion"=dword:00000110
"DeskHtmlMinorVersion"=dword:00000005
"Settings"=dword:00000001
"GeneralFlags"=dword:00000005

[HKEY_USERS\.default\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\run]
"CTFMON.EXE"="C:\\WINDOWS\\system32\\CTFMON.EXE"
"AVG7_Run"="C:\\PROGRA~1\\Grisoft\\AVGFRE~1\\avgw.exe /RUNONCE"
"Spyware Doctor"=""

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\sharedtaskscheduler]
"{438755C2-A8BA-11D1-B96B-00A0C90312E1}"="Browseui preloader"
"{8C7461EF-2B13-11d2-BE35-3078302C2030}"="Component Categories cache daemon"

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\explorer\shellexecutehooks]
"{AEB6717E-7E19-11d0-97EE-00C04FD91972}"=""
"{57B86673-276A-48B2-BAE7-C6DBB3020EB8}"="AVG Anti-Spyware 7.5"

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091
"NoLowDiskSpaceChecks"=dword:00000001

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer\Run]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\system]
"dontdisplaylastusername"=dword:00000000
"legalnoticecaption"=""
"legalnoticetext"=""
"shutdownwithoutlogon"=dword:00000001
"undockwithoutlogon"=dword:00000001

[HKEY_USERS\.default\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_USERS\s-1-5-18\software\microsoft\windows\currentversion\policies\explorer]
"NoDriveTypeAutoRun"=dword:00000091

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\shellserviceobjectdelayload]
"PostBootReminder"="{7849596a-48ea-486e-8937-a2a3009f31a9}"
"CDBurn"="{fbeb8a05-beee-4442-804e-409d6c4515e9}"
"WebCheck"="{E6FB5E20-DE35-11CF-9C87-00AA005127ED}"
"SysTray"="{35CEC8A3-2BE6-11D2-8773-92E220524153}"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder]

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^BigFix.lnk]
"backup"="C:\\WINDOWS\\pss\\BigFix.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\BigFix\\bigfix.exe /atstartup"
"item"="BigFix"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Enable Labtec Wireless Desktop.lnk]
"path"="C:\\Documents and Settings\\All Users\\Start Menu\\Programs\\Startup\\Enable Labtec Wireless Desktop.lnk"
"backup"="C:\\WINDOWS\\pss\\Enable Labtec Wireless Desktop.lnkCommon Startup"
"location"="Common Startup"
"command"="C:\\PROGRA~1\\LABTEC~1\\MagicKey.exe "
"item"="Enable Labtec Wireless Desktop"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"=""
"hkey"="HKLM"
"command"=""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Evidence Eliminator]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="ee"
"hkey"="HKCU"
"command"="C:\\Program Files\\Evidence Eliminator\\ee.exe /m"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\IPHSend]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="IPHSend"
"hkey"="HKLM"
"command"="C:\\Program Files\\Common Files\\AOL\\IPHSend\\IPHSend.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\iTunesHelper]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="iTunesHelper"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Lexmark X1100 Series]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="lxbkbmgr"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\Lexmark X1100 Series\\lxbkbmgr.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\MSMSGS]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="msmsgs"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Messenger\\msmsgs.exe\" /background"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\NeroFilterCheck]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="NeroCheck"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\pbmini]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PodcastBar"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PCSuiteTrayApplication]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="LAUNCH~1"
"hkey"="HKLM"
"command"="C:\\PROGRA~1\\Nokia\\NOKIAP~1\\LAUNCH~1.EXE -startup"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\PcSync]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PcSync2"
"hkey"="HKCU"
"command"="C:\\Program Files\\Nokia\\Nokia PC Suite 6\\PcSync2.exe /NoDialog"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\QuickTime Task]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="qttask"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\QuickTime\\qttask.exe\" -atboottime"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RealTray]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RealPlay"
"hkey"="HKLM"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Recguard]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="RECGUARD"
"hkey"="HKLM"
"command"="%WINDIR%\\SMINST\\RECGUARD.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\RemoteControl]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="PDVDServ"
"hkey"="HKLM"
"command"="\"C:\\Program Files\\CyberLink\\PowerDVD\\PDVDServ.exe\""
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\SoundMan]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="SOUNDMAN"
"hkey"="HKLM"
"command"="SOUNDMAN.EXE"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\WinampAgent]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="winampa"
"hkey"="HKLM"
"command"="C:\\Program Files\\Winamp\\winampa.exe"
"inimapping"="0"

[HKEY_LOCAL_MACHINE\software\microsoft\shared tools\msconfig\startupreg\Yahoo! Pager]
"key"="SOFTWARE\\Microsoft\\Windows\\CurrentVersion\\Run"
"item"="YahooMessenger"
"hkey"="HKCU"
"command"="\"C:\\Program Files\\Yahoo!\\Messenger\\YahooMessenger.exe\" -quiet"
"inimapping"="0"

HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\ssqpp
HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\winwea32

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\securityproviders]
"SecurityProviders"="msapsspc.dll, schannel.dll, digest.dll, msnsspc.dll"


Contents of the 'Scheduled Tasks' folder
C:\WINDOWS\tasks\XoftSpy.job

Completion time: 06-11-26 20:36:16.06
C:\ComboFix.txt ... 06-11-26 20:36
C:\ComboFix2.txt ... 06-11-26 20:29
C:\ComboFix3.txt ... 06-11-26 19:24



*******************************************************

Logfile of HijackThis v1.99.1
Scan saved at 20:42:29, on 26/11/2006
Platform: Windows XP SP2 (WinNT 5.01.2600)
MSIE: Internet Explorer v7.00 (7.00.5730.0011)

Running processes:
C:\WINDOWS\System32\smss.exe
C:\WINDOWS\system32\csrss.exe
C:\WINDOWS\system32\winlogon.exe
C:\WINDOWS\system32\services.exe
C:\WINDOWS\system32\lsass.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\System32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\LEXBCES.EXE
C:\WINDOWS\system32\LEXPPS.EXE
C:\WINDOWS\system32\spoolsv.exe
C:\WINDOWS\Explorer.EXE
C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
C:\WINDOWS\zHotkey.exe
C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe
C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe
C:\Program Files\Digital Media Reader\shwiconem.exe
C:\WINDOWS\system32\ctfmon.exe
C:\PROGRA~1\McAfee\MSC\mctskshd.exe
C:\Program Files\Messenger\msmsgs.exe
C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
C:\PROGRA~1\mcafee.com\agent\mcagent.exe
C:\WINDOWS\system32\nvsvc32.exe
C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
C:\Program Files\Spyware Doctor\sdhelp.exe
C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
C:\Program Files\AOL 9.0\waol.exe
C:\WINDOWS\system32\svchost.exe
C:\WINDOWS\system32\wdfmgr.exe
C:\WINDOWS\system32\wbem\wmiprvse.exe
C:\WINDOWS\System32\alg.exe
C:\Program Files\AOL 9.0\shellmon.exe
C:\Program Files\Common Files\AOL\aoltpspd.exe
C:\PROGRA~1\McAfee\MSC\mcinfo.exe
C:\WINDOWS\system32\cmd.exe
C:\WINDOWS\system32\swsc.exe
C:\highjackthis\happy.exe

R1 - HKCU\Software\Microsoft\Internet Connection Wizard,ShellNext = http://uk.mcafee.com/apps/vso/en-gb/...p?affid=370-21
R3 - URLSearchHook: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: (no name) - {013A653B-49A6-4f76-8B68-E4875EA6BA54} - C:\WINDOWS\system32\uxliwckt.dll
O2 - BHO: Yahoo! Toolbar Helper - {02478D38-C3F9-4EFB-9B51-7695ECA05670} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O2 - BHO: AcroIEHlprObj Class - {06849E9F-C8D7-4D59-B87D-784B7D6BE0B3} - C:\Program Files\Adobe\Acrobat 7.0\ActiveX\AcroIEHelper.dll
O2 - BHO: (no name) - {099D0986-C204-F967-3343-00A64FA96FB9} - C:\WINDOWS\system32\vorenbj.dll
O2 - BHO: (no name) - {242A5537-631F-9060-FB37-0A8C162B8D5A} - C:\WINDOWS\system32\cmhditn.dll
O2 - BHO: (no name) - {51C104A3-AC21-4064-83D1-B27DCCB89518} - C:\WINDOWS\system32\ssqpp.dll
O2 - BHO: (no name) - {53707962-6F74-2D53-2644-206D7942484F} - C:\PROGRA~1\SPYBOT~1\SDHelper.dll
O2 - BHO: Yahoo! IE Services Button - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O2 - BHO: PCTools Site Guard - {5C8B2A36-3DB1-42A4-A3CB-D426709BBFEB} - C:\PROGRA~1\SPYWAR~2\tools\iesdsg.dll
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O2 - BHO: PCTools Browser Monitor - {B56A7D7D-6927-48C8-A975-17DF180C71AC} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O3 - Toolbar: &Google - {2318C2B1-4965-11d4-9B18-009027A5CD4F} - c:\program files\google\googletoolbar2.dll
O3 - Toolbar: &Yahoo! Toolbar - {EF99BD32-C1FB-11D2-892F-0090271D4F88} - C:\Program Files\Yahoo!\Companion\Installs\cpn\yt.dll
O3 - Toolbar: AOL Toolbar - {4982D40A-C53B-4615-B15B-B5B5E98D167C} - C:\Program Files\AOL Toolbar\toolbar.dll
O4 - HKLM\..\Run: [NvCplDaemon] RUNDLL32.EXE C:\WINDOWS\system32\NvCpl.dll,NvStartup
O4 - HKLM\..\Run: [CHotkey] zHotkey.exe
O4 - HKLM\..\Run: [AOLDialer] C:\Program Files\Common Files\AOL\ACS\AOLDial.exe
O4 - HKLM\..\Run: [NvMediaCenter] RUNDLL32.EXE C:\WINDOWS\system32\NvMcTray.dll,NvTaskbarInit
O4 - HKLM\..\Run: [nwiz] nwiz.exe /install
O4 - HKLM\..\Run: [AVG7_CC] C:\PROGRA~1\Grisoft\AVGFRE~1\avgcc.exe /STARTUP
O4 - HKLM\..\Run: [!AVG Anti-Spyware] "C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\avgas.exe" /minimized
O4 - HKLM\..\Run: [SunKistEM] C:\Program Files\Digital Media Reader\shwiconem.exe
O4 - HKCU\..\Run: [ctfmon.exe] C:\WINDOWS\system32\ctfmon.exe
O4 - HKCU\..\Run: [MSMSGS] "C:\Program Files\Messenger\msmsgs.exe" /background
O4 - Global Startup: AOL 9.0 Tray Icon.lnk = C:\Program Files\AOL 9.0\aoltray.exe
O8 - Extra context menu item: &Google Search - res://c:\program files\google\googletoolbar2.dll/cmsearch.html
O8 - Extra context menu item: &Translate English Word - res://c:\program files\google\googletoolbar2.dll/cmwordtrans.html
O8 - Extra context menu item: &Yahoo! Search - file:///C:\Program Files\Yahoo!\Common/ycsrch.htm
O8 - Extra context menu item: Backward Links - res://c:\program files\google\googletoolbar2.dll/cmbacklinks.html
O8 - Extra context menu item: Cached Snapshot of Page - res://c:\program files\google\googletoolbar2.dll/cmcache.html
O8 - Extra context menu item: Similar Pages - res://c:\program files\google\googletoolbar2.dll/cmsimilar.html
O8 - Extra context menu item: Translate Page into English - res://c:\program files\google\googletoolbar2.dll/cmtrans.html
O8 - Extra context menu item: Yahoo! &Dictionary - file:///C:\Program Files\Yahoo!\Common/ycdict.htm
O8 - Extra context menu item: Yahoo! &Maps - file:///C:\Program Files\Yahoo!\Common/ycmap.htm
O8 - Extra context menu item: Yahoo! &SMS - file:///C:\Program Files\Yahoo!\Common/ycsms.htm
O9 - Extra button: Spyware Doctor - {2D663D1A-8670-49D9-A1A5-4C56B4E14E84} - C:\PROGRA~1\SPYWAR~2\tools\iesdpb.dll
O9 - Extra button: Yahoo! Services - {5BAB4B5B-68BC-4B02-94D6-2FC0DE4A7897} - C:\Program Files\Yahoo!\Common\yiesrvc.dll
O9 - Extra button: (no name) - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O9 - Extra 'Tools' menuitem: @xpsp3res.dll,-20001 - {e2e2dd38-d088-4134-82b7-f2ba38496583} - %windir%\Network Diagnostic\xpnetdiag.exe (file missing)
O11 - Options group: [INTERNATIONAL] International*
O16 - DPF: {9A9307A0-7DA4-4DAF-B042-5009F29E09E1} (ActiveScan Installer Class) - http://acs.pandasoftware.com/actives...ree/asinst.cab
O17 - HKLM\System\CCS\Services\Tcpip\..\{C062FE27-5E27-443A-9A83-CCE515C41F29}: NameServer = 205.188.146.145
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
O23 - Service: AOL Connectivity Service (AOL ACS) - America Online, Inc. - C:\Program Files\Common Files\AOL\ACS\AOLAcsd.exe
O23 - Service: AVG Anti-Spyware Guard - Anti-Malware Development a.s. - C:\Program Files\Grisoft\AVG Anti-Spyware 7.5\guard.exe
O23 - Service: AVG7 Alert Manager Server (Avg7Alrt) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgamsvr.exe
O23 - Service: AVG7 Update Service (Avg7UpdSvc) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgupsvc.exe
O23 - Service: AVG E-mail Scanner (AVGEMS) - GRISOFT, s.r.o. - C:\PROGRA~1\Grisoft\AVGFRE~1\avgemc.exe
O23 - Service: InstallDriver Table Manager (IDriverT) - Macrovision Corporation - C:\Program Files\Common Files\InstallShield\Driver\11\Intel 32\IDriverT.exe
O23 - Service: LexBce Server (LexBceS) - Lexmark International, Inc. - C:\WINDOWS\system32\LEXBCES.EXE
O23 - Service: McAfee Log Manager (McLogManagerService) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mclogsrv.exe
O23 - Service: McAfee Update Manager (mcmispupdmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcupdmgr.exe
O23 - Service: McAfee Protection Manager (mcpromgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcpromgr.exe
O23 - Service: McAfee.com McShield (McShield) - Unknown owner - c:\PROGRA~1\mcafee.com\vso\mcshield.exe (file missing)
O23 - Service: McAfee Task Scheduler (McTskshd.exe) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mctskshd.exe
O23 - Service: McAfee User Manager (mcusrmgr) - McAfee, Inc. - C:\PROGRA~1\McAfee\MSC\mcusrmgr.exe
O23 - Service: NVIDIA Display Driver Service (NVSvc) - NVIDIA Corporation - C:\WINDOWS\system32\nvsvc32.exe
O23 - Service: PrismXL - New Boundary Technologies, Inc. - C:\Program Files\Common Files\New Boundary\PrismXL\PRISMXL.SYS
O23 - Service: PC Tools Spyware Doctor (SDhelper) - PC Tools Research Pty Ltd - C:\Program Files\Spyware Doctor\sdhelp.exe
O23 - Service: ServiceLayer - Nokia. - C:\Program Files\Common Files\PCSuite\Services\ServiceLayer.exe
bigbhoy77 is offline  
Old 11-26-2006, 01:46 PM   #28 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home


OK, this version will work for us, but rather than double-clicking on it, please use the command structure I indicated... It will then remove many of the nasties still showing in your log.

Please do this:

Go to Start -> Run, then paste in this single-line command and click OK:

"%userprofile%\desktop\combofix.exe" /v winwea32 ssqpp cmhditn vorenbj uxliwckt

When finished, it shall produce a log for you. Post that log in your next reply with a new HJT log.
tetonbob is offline  
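One way to check a fresh HijackThis log against the names passed to ComboFix in the command above, as an added example that is not part of the original post. The sample lines are copied from the log in this thread; the function names are hypothetical, and the code assumes each name on the command line corresponds to a module file name without its extension.

```python
import re
from ntpath import basename, splitext

# Constructed sample: a few entries copied from the HijackThis log in this thread.
SAMPLE_LOG = r"""
O2 - BHO: Google Toolbar Helper - {AA58ED58-01DD-4d91-8333-CF10577473F7} - c:\program files\google\googletoolbar2.dll
O18 - Protocol: msnim - {828030A1-22C1-4009-854F-8E305202313F} - "C:\PROGRA~1\MSNMES~1\msgrapp.dll" (file missing)
O20 - Winlogon Notify: ssqpp - C:\WINDOWS\system32\ssqpp.dll
O20 - Winlogon Notify: WgaLogon - C:\WINDOWS\SYSTEM32\WgaLogon.dll
O20 - Winlogon Notify: winwea32 - C:\WINDOWS\SYSTEM32\winwea32.dll
"""

# The names given after /v in the command above.
TARGETS = ["winwea32", "ssqpp", "cmhditn", "vorenbj", "uxliwckt"]

# HijackThis entry shape: "O<n> - <kind>: <detail>"
ENTRY_RE = re.compile(r"^O(\d+) - ([^:]+): (.*)$")
# First drive-letter path in the detail that ends in a module extension.
PATH_RE = re.compile(r'[A-Za-z]:\\[^"]*?\.(?:dll|exe|sys)', re.IGNORECASE)

def parse_hjt(log_text):
    """Return one dict per 'O<n> - <kind>: <detail>' line; other lines are skipped."""
    entries = []
    for line in log_text.splitlines():
        m = ENTRY_RE.match(line.strip())
        if not m:
            continue
        detail = m.group(3)
        path = PATH_RE.search(detail)
        entries.append({
            "section": "O" + m.group(1),
            "kind": m.group(2),
            "detail": detail,
            # Lower-cased file name without extension, or None if no path is present.
            "module": splitext(basename(path.group(0)))[0].lower() if path else None,
            "file_missing": detail.endswith("(file missing)"),
        })
    return entries

def remaining_targets(log_text, targets):
    """Map each target name to the log sections whose module file still carries it."""
    hits = {t: [] for t in targets}
    for e in parse_hjt(log_text):
        if e["module"] in hits:
            hits[e["module"]].append(f'{e["section"]} {e["kind"]}')
    return hits
```

An empty list for a name means no entry in the supplied log references a module with that name; run it on the new log after cleanup to see which names are still loading.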
Old 11-26-2006, 02:03 PM   #29 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


When I do it the way you told me, it automatically goes away after it does the scan and I can't find where the log is. Any ideas where this can be found?


Sorry for all the hassle!
bigbhoy77 is offline  
Old 11-26-2006, 02:06 PM   #30 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home


The process is much the same... A text file should open when combo is done.

If it did not open automatically, it should be located at C:\ComboFix.txt
tetonbob is offline  
Old 11-26-2006, 02:35 PM   #31 (permalink)
Registered User
 
Join Date: Aug 2006
Posts: 32
OS: XP home edition


It doesn't open automatically and the only text file I can locate is this one:

David- 06-11-26 21:30:29.68 Service Pack 2
ComboFix 06.11.26 - Running from: "C:\Documents and Settings\David\desktop"
Command switches used :: /v winwea32 ssqpp cmhditn vorenbj uxliwckt
bigbhoy77 is offline  
Old 11-26-2006, 02:36 PM   #32 (permalink)
Manager, Security Center, TSF Academy; Analyst, Security Team
 
tetonbob's Avatar
 
Join Date: Jan 2005
Location: Transylvania County, North Carolina, USA
Posts: 26,432
OS: 2000 Pro; XP Pro; XP Home


Moving on...

Please download VundoFix.exe to your desktop
  • Double-click VundoFix.exe to run it.
  • Click the Scan for Vundo button.
  • Once it's done scanning, click the Remove Vundo button.
  • You will receive a prompt asking if you want to remove the files; click YES.
  • Once you click yes, your desktop will go blank as it starts removing Vundo.
  • When completed, it will prompt that it will reboot your computer, click OK.
  • Please post the contents of C:\vundofix.txt and a new HiJackThis log in a reply to this thread.
Note: It is possible that VundoFix encountered a file it could not remove. In this case, VundoFix will run on reboot; simply follow the above instructions starting from "Click the Scan for Vundo button" when VundoFix appears upon rebooting.
tetonbob is offline  