Old 10-30-2009, 09:33 AM   #1 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: XP Professional


Major Virus/Spyware Problems

I have been having major issues after getting a virus. It initially started as the Security Tool pop ups and I also had some star search bar added to internet explorer. I couldn't open malwarebytes, ad-aware or HiJackThis. I finally was able to manually delete the <numbers>.exe file causing the security tool problem. I was still having problems with pop ups and the anti-virus / malware programs would not run still. Finally got AVG to work and it found a couple of dll files that were infected. Tried to remove them and ended up having to download a program that would delete files on machine startup (couldn't remove them any other way). I also couldn't delete registry keys because they would keep reappearing seconds later.

Finally found this site and downloaded and ran combo fix and wanted to post the log to see what to do next. After the combo fix restarted my computer a rundll message popped up telling me that two dll files could not be found/loaded...I assume they were spyware/malware and were deleted. Sorry for rambling but it has been a long hard fought battle with this darn virus.... Please what to do next? Log file contents pasted below:

ComboFix 09-10-28.08 - chris 10/30/2009 11:02.1.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.3065 [GMT -4:00]
Running from: c:\documents and settings\chris\Desktop\Combo-Fix.exe
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\docume~1\chris\LOCALS~1\Temp\tmp1.tmp
c:\docume~1\chris\LOCALS~1\Temp\tmp2.tmp
c:\documents and settings\chris\Desktop\udolovawubixax.dll
c:\documents and settings\LocalService\Application Data\NetMon
c:\documents and settings\LocalService\Application Data\NetMon\domains.txt
c:\documents and settings\LocalService\Application Data\NetMon\log.txt
c:\documents and settings\NetworkService\Application Data\NetMon
c:\documents and settings\NetworkService\Application Data\NetMon\domains.txt
c:\documents and settings\NetworkService\Application Data\NetMon\log.txt
c:\documents and settings\user\Application Data\WinTouch
c:\documents and settings\user\Application Data\WinTouch\wintouch.cfg
c:\documents and settings\user\Application Data\WinTouch\WinTouch.exe
c:\program files\Protection System
c:\program files\stem32~1
c:\program files\Temporary
c:\program files\WinAble
c:\windows\cookies.ini
c:\windows\msa.exe
c:\windows\msb.exe
c:\windows\run.log
c:\windows\sc.exe
c:\windows\system32\Cache
c:\windows\system32\dasabisi.dll
c:\windows\system32\devajusi.dll
c:\windows\system32\dfhkj.bak1
c:\windows\system32\dfhkj.bak2
c:\windows\system32\dfhkj.ini
c:\windows\system32\fitbksox.ini
c:\windows\system32\hrtaayeq.ini
c:\windows\system32\jvxxjpcd.ini
c:\windows\system32\kanewumu.dll
c:\windows\system32\laxifnva.ini
c:\windows\system32\mkwkbqqh.ini
c:\windows\system32\net.net
c:\windows\system32\noguyiyu.dll
c:\windows\system32\NTSVc.ocx
c:\windows\system32\pewodaju.dll
c:\windows\system32\seruyone.dll
c:\windows\system32\sgwqxkgb.ini
c:\windows\system32\tgttjsfu.ini
c:\windows\system32\vejasoso.dll
c:\windows\system32\xa.tmp
c:\windows\system32\yahosuze.dll
c:\windows\taskmgr.exe
c:\windows\Tasks\hbdzblgt.job

Infected copy of c:\windows\system32\DRIVERS\atapi.sys was found and disinfected
Restored copy from - Kitty ate it :p
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.

-------\Legacy_CMDSERVICE
-------\Legacy_NETWORK_MONITOR
-------\Legacy_{79007602-0CDB-4405-9DBF-1257BB3226ED}


((((((((((((((((((((((((( Files Created from 2009-09-28 to 2009-10-30 )))))))))))))))))))))))))))))))
.

2009-10-30 13:06 . 2009-10-30 13:06 -------- d-----w- c:\documents and settings\chris\Local Settings\Application Data\PCHealth
2009-10-30 04:20 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-30 04:20 . 2009-10-30 04:20 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 04:19 . 2009-10-30 04:19 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 03:08 . 2009-10-30 03:08 -------- d-----w- c:\program files\GiPo@Utilities
2009-10-30 03:08 . 2009-10-30 03:08 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2009-10-29 23:10 . 2009-10-29 23:10 0 ----a-r- c:\windows\Dhaxolacihirew.bin
2009-10-29 23:10 . 2009-10-30 01:11 120 ----a-w- c:\windows\Udefobuhuwonez.dat
2009-10-29 20:39 . 2009-10-29 20:39 -------- d-----w- c:\documents and settings\chris\Application Data\GARMIN
2009-10-29 20:32 . 2009-10-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-10-29 18:44 . 2009-10-29 18:48 -------- d-----w- C:\CNNANT2009
2009-10-29 18:44 . 2009-10-29 18:44 -------- d-----w- C:\WebUpdater
2009-10-29 18:44 . 2009-10-29 18:51 -------- d-----w- C:\MapSource
2009-10-29 16:10 . 2009-10-29 16:10 -------- d-----w- c:\program files\Trend Micro
2009-10-29 04:48 . 2009-10-29 04:48 -------- d-----w- c:\documents and settings\chris\Application Data\Malwarebytes
2009-10-29 04:47 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 04:47 . 2009-10-29 16:32 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 04:47 . 2009-10-29 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 04:47 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys
2009-10-29 03:51 . 2009-10-30 04:22 0 ----a-r- c:\windows\win32k.sys
2009-10-29 03:40 . 2009-10-29 03:40 -------- d-----w- c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}
2009-10-29 03:36 . 2009-10-29 03:36 -------- d-----w- c:\documents and settings\All Users\Application Data\00da785

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-30 14:52 . 2008-06-02 16:14 1136040 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-30 14:06 . 2007-11-05 16:25 101792 ----a-w- c:\documents and settings\chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-30 12:53 . 2007-10-28 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-30 12:29 . 2007-10-23 20:23 154933 ----a-w- c:\windows\system32\nvModes.dat
2009-10-30 04:18 . 2007-11-20 13:19 -------- d-----w- c:\program files\Lavasoft
2009-10-30 04:18 . 2007-11-20 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-30 00:23 . 2007-11-07 03:54 -------- d-----w- c:\documents and settings\chris\Application Data\BitTorrent
2009-10-29 20:19 . 2008-06-02 17:24 -------- d-----w- c:\program files\AutoCAD Civil 3D 2009
2009-10-29 19:35 . 2007-10-31 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-29 19:33 . 2007-11-04 03:31 -------- d-----w- c:\program files\Real
2009-10-29 19:33 . 2007-11-04 03:31 -------- d-----w- c:\program files\Common Files\Real
2009-10-29 13:29 . 2008-09-06 16:15 -------- d-----w- c:\documents and settings\chris\Application Data\GoodSync
2009-10-29 03:36 . 2009-10-29 03:36 1 ----a-w- c:\windows\system32\4B7.tmp
2009-10-29 03:36 . 2009-10-29 03:36 52 ----a-w- c:\windows\system32\4B6.tmp
2009-10-21 16:25 . 2007-11-04 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-20 19:59 . 2008-02-12 21:56 -------- d-----w- c:\program files\Hydraflow Storm Sewers Extension for AutoCAD Civil 3D 2008
2009-09-20 19:13 . 2009-09-20 19:13 -------- d-----w- c:\documents and settings\chris\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-09-20 19:13 . 2009-09-20 19:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-20 19:13 . 2009-09-20 19:13 -------- d-----w- c:\program files\DIRECTV
2009-09-08 12:13 . 2007-11-05 15:41 -------- d-----w- c:\documents and settings\chris\Application Data\Wave Systems Corp
2009-08-17 21:28 . 2008-07-08 22:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 21:28 . 2008-07-08 22:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 21:28 . 2007-11-09 14:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-12 12:00 . 2008-08-19 05:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2007-10-29 01:20 . 2007-10-29 01:20 1898 ----a-w- c:\program files\VTPSUHM7.lnk
2008-04-29 01:09 . 2007-10-28 05:03 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-29 01:09 . 2007-10-28 05:03 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-29 01:09 . 2007-10-28 05:03 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-29 01:09 . 2007-10-28 05:03 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-29 01:09 . 2007-10-28 05:03 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
2009-07-30 03:34 . 2009-07-30 03:34 60928 --sha-w- c:\windows\system32\luhonaki.dll
.

------- Sigcheck -------

[-] 1792-10-29 22:16 . 6CD7F13B1F144218B0CBF0FBC8ACC564 . 61952 . . [------] . . c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-16 2025752]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"GrooveMonitor"="c:\program files\Microsoft Office\Office12\GrooveMonitor.exe" [2006-10-27 31016]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-23 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 21:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Notification Packages REG_MULTI_SZ scecli kapicosr.dll

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon iC D800 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon iC D800 Status Window.LNK
backup=c:\windows\pss\Canon iC D800 Status Window.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile]
"EnableFirewall"= 0 (0x0)

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\MSPUB.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\KADxMain.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Dell\\QuickSet\\NicConfigSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/30/2009 12:20 AM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/8/2008 6:18 PM 335240]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 3:21 PM 79432]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/8/2008 6:17 PM 297752]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 6:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 1:32 PM 97536]
S2 gupdate1c9bf712bbd6754;Google Update Service (gupdate1c9bf712bbd6754);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 11:28 AM 133104]
S2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 7:17 AM 1179232]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\chris\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\chris\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2/22/2008 8:59 AM 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2/22/2008 8:59 AM 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2/22/2008 8:59 AM 170368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - CLASSPNP_2
*NewlyCreated* - MBR
*Deregistered* - CLASSPNP_2
*Deregistered* - mbr
.
Contents of the 'Scheduled Tasks' folder

2009-10-30 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 04:19]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineCore.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 15:28]

2009-10-30 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 15:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: wsscwater.com\www01
DPF: {20DABCB5-AB70-4E2B-BCA9-17155D5CF583} - hxxp://planroom.accu-copy.com/reprocentral/Resources/Help/en/helpLauncher.cab
DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} - hxxp://planroom.accu-copy.com/reprocentral/Resources/BravaClient/en/BravaClientX.cab
FF - ProfilePath - c:\documents and settings\chris\Application Data\Mozilla\Firefox\Profiles\weengg8f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll
FF - HiddenExtension: XULRunner: {E049AB4B-5A77-4F13-A226-1B7276EAE703} - c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}

---- FIREFOX POLICIES ----
FF - user.js: security.checkloaduri - false//created by prizm
.
- - - - ORPHANS REMOVED - - - -

BHO-{7CF3A2CB-F835-4B39-A75C-9C21C5716D00} - c:\windows\system32\jkhfd.dll
BHO-{b0fdb3cf-770b-4210-9341-fad01c1b25de} - vejasoso.dll
BHO-{e3cdbb1b-38ce-47c8-9b67-47a274eae219} - c:\windows\system32\jiohjbwk.dll
HKLM-Run-suyukahuk - c:\windows\system32\pewodaju.dll
HKLM-Run-pejilakamo - dasabisi.dll
SharedTaskScheduler-{72aecee8-060a-47de-b0bf-f14f3ade46fb} - c:\windows\system32\guyubaha.dll
SharedTaskScheduler-{8c3aa696-c2d6-428b-bebc-37244d7f511c} - c:\windows\system32\pewodaju.dll
SSODL-gagezekum-{72aecee8-060a-47de-b0bf-f14f3ade46fb} - c:\windows\system32\guyubaha.dll
SSODL-nonuligeb-{8c3aa696-c2d6-428b-bebc-37244d7f511c} - c:\windows\system32\pewodaju.dll
Notify-efcbcax - efcbcax.dll
AddRemove-Malwarebytes' Anti-Malware_is1 - z:\z-storage\Malwarebytes' Anti-Malware\unins000.exe



**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-10-30 11:12
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'lsass.exe'(1044)
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
c:\windows\kapicosr.dll

- - - - - - - > 'explorer.exe'(1824)
c:\windows\system32\ieframe.dll
c:\windows\system32\hnetcfg.dll
c:\windows\system32\biolsp.dll
c:\windows\kapicosr.dll
.
------------------------ Other Running Processes ------------------------
.
c:\program files\Intel\Wireless\Bin\EvtEng.exe
c:\program files\Intel\Wireless\Bin\S24EvMon.exe
c:\program files\Intel\Wireless\Bin\WLKeeper.exe
c:\windows\System32\SCardSvr.exe
c:\program files\WIDCOMM\Bluetooth Software\bin\btwdins.exe
c:\windows\system32\inetsrv\inetinfo.exe
c:\program files\Dell\QuickSet\NICCONFIGSVC.exe
c:\windows\system32\nvsvc32.exe
c:\windows\system32\HPZipm12.exe
c:\program files\Intel\Wireless\Bin\RegSrvc.exe
c:\windows\system32\StacSV.exe
c:\windows\system32\wdfmgr.exe
c:\program files\AVG\AVG8\avgrsx.exe
c:\windows\system32\msdtc.exe
c:\windows\system32\wscntfy.exe
c:\windows\system32\Rundll32.exe
c:\windows\system32\Rundll32.exe
c:\progra~1\MI3AA1~1\rapimgr.exe
c:\progra~1\WIDCOMM\BLUETO~1\BTSTAC~1.EXE
c:\\?\c:\windows\system32\WBEM\WMIADAP.EXE
.
**************************************************************************
.
Completion time: 2009-10-30 11:15 - machine was rebooted
ComboFix-quarantined-files.txt 2009-10-30 15:15

Pre-Run: 25,115,840,512 bytes free
Post-Run: 32,327,311,360 bytes free

WindowsXP-KB310994-SP2-Pro-BootDisk-ENU.exe
[boot loader]
timeout=2
default=multi(0)disk(0)rdisk(0)partition(2)\WINDOWS
[operating systems]
c:\cmdcons\BOOTSECT.DAT="Microsoft Windows Recovery Console" /cmdcons
multi(0)disk(0)rdisk(0)partition(2)\WINDOWS="Microsoft Windows XP Professional" /noexecute=optin /fastdetect

- - End Of File - - D6BAFA00F21848F90DA56E275523354E
acacia365 is offline  

Old 11-01-2009, 07:42 AM   #2 (permalink)
Analyst, Security Team
 
CatByte's Avatar
 
Join Date: Jan 2009
Location: Canada
Posts: 2,104
OS: XP sp3


Re: Major Virus/Spyware Problems

Hi,

We don't encourage the use of ComboFix unsupervised; it is a very powerful tool. In our first steps guide we ask for Diagnostic logs only.

You took a risk in running ComboFix, fortunately no difficulties arose.

Please do the following:

(note: if ComboFix requests to update - allow it to do so)
  • Very Important! Temporarily disable your anti-virus, script blocking and any anti-malware real-time protection before following the steps below.
  • They can interfere with ComboFix or remove some of its embedded files which may cause "unpredictable results".
Copy/paste the text inside the Codebox below into notepad:

Here's how to do that:
Click Start > Run, type Notepad, click OK.
This will open an empty notepad file:

Copy all the text inside of the code box - Press Ctrl+C (or right click on the highlighted section and choose 'copy')

Code:
http://www.techsupportforum.com/security-center/virus-trojan-spyware-help/427112-major-virus-spyware-problems.html#post2418055

Collect::
c:\windows\Udefobuhuwonez.dat
c:\windows\system32\luhonaki.dll
c:\windows\kapicosr.dll

File::
c:\windows\Dhaxolacihirew.bin
c:\windows\win32k.sys
c:\windows\system32\4B7.tmp
c:\windows\system32\4B6.tmp

Folder::
c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}
c:\documents and settings\All Users\Application Data\00da785

Registry::
[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00

FireFox::
FF - ProfilePath - c:\documents and settings\chris\Application Data\Mozilla\Firefox\Profiles\weengg8f.default\
FF - HiddenExtension: XULRunner: {E049AB4B-5A77-4F13-A226-1B7276EAE703} - c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}

FCopy::
C:\Windows\System32\logevent.dll | c:\windows\system32\eventlog.dll

Now paste the copied text into the open notepad - press CTRL+V (or right click and choose 'paste')

Save this file to your desktop. Save it as "CFScript".


Here's how to do that:

1. Click File;
2. Click Save As... Change the directory to your desktop;
3. Change the Save as type to "All Files";
4. Type in the file name: CFScript
5. Click Save ...

  • Referring to the screenshot above, drag CFScript.txt into ComboFix.exe.
  • ComboFix will now run a scan on your system. It may reboot your system when it finishes. This is normal.
  • When finished, it shall produce a log for you.
  • Copy and paste the contents of the log in your next reply.

CAUTION: Do not mouse-click ComboFix's window while it is running. That may cause it to stall.

**Note**
When CF finishes running, the ComboFix log will open along with a message box--do not be alarmed. With the above script, ComboFix will capture files to submit for analysis.
  • Ensure you are connected to the internet and click OK on the message box.
__________________


ASAP & UNITE Member
CatByte is offline  
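
Added example, not part of CatByte's post and not ComboFix code: a way to read what the `Registry::` line in the script above changes, by decoding its hex(7) bytes and comparing them with the `Notification Packages` value the first log recorded. It assumes ComboFix prints REG_MULTI_SZ entries separated by spaces, as that log does; the function names are hypothetical.

```python
# Added example: decode the hex(7) line from the CFScript and diff it against
# the LSA value shown in the first ComboFix log. Function names are illustrative.

# Constructed sample input: lines copied from the log and the CFScript on this page.
LOG_LSA_SECTION = r"""[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth
Notification Packages REG_MULTI_SZ scecli kapicosr.dll
"""
SCRIPT_LINE = '"Notification Packages"=hex(7):73,63,65,63,6c,69,00,00'


def decode_hex7(line, wide=False):
    """Return (value_name, [strings]) for a .reg-style hex(7) line.

    REGEDIT4 data is single-byte text, which is what the script line uses;
    'Windows Registry Editor Version 5.00' exports are UTF-16LE (wide=True).
    """
    name, sep, data = line.partition("=")
    kind, colon, payload = data.partition(":")
    if not sep or not colon or kind.strip().lower() != "hex(7)":
        raise ValueError("not a hex(7) (REG_MULTI_SZ) line")
    # Drop '\' line continuations and all whitespace before splitting the bytes.
    payload = "".join(payload.replace("\\", "").split())
    raw = bytes(int(b, 16) for b in payload.split(",") if b)
    text = raw.decode("utf-16-le" if wide else "cp1252", errors="replace")
    # Entries are NUL-terminated and the list ends with an extra NUL.
    return name.strip().strip('"'), [s for s in text.split("\x00") if s]


def logged_multi_sz(log_text, value_name):
    """Return the entries ComboFix logged for value_name, or None if absent."""
    prefix = value_name + " REG_MULTI_SZ "
    for line in log_text.splitlines():
        if line.startswith(prefix):
            return line[len(prefix):].split()
    return None


def review_change(log_text, script_line, wide=False):
    """Summarise which entries the script line removes from or adds to the value."""
    name, after = decode_hex7(script_line, wide=wide)
    before = logged_multi_sz(log_text, name)
    if before is None:
        raise LookupError(f"{name!r} not found in the log section")
    after_set = {e.lower() for e in after}
    before_set = {e.lower() for e in before}
    return {
        "value": name,
        "before": before,
        "after": after,
        "removed": [e for e in before if e.lower() not in after_set],
        "added": [e for e in after if e.lower() not in before_set],
    }


if __name__ == "__main__":
    result = review_change(LOG_LSA_SECTION, SCRIPT_LINE)
    for key in ("value", "before", "after", "removed", "added"):
        print(f"{key:8} {result[key]}")
```

The only entry the script drops is the DLL that the first log also lists under `lsass.exe` in "DLLs Loaded Under Running Processes".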
Old 11-02-2009, 07:01 AM   #3 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: XP Professional


Re: Major Virus/Spyware Problems

Thank you for your help!! I know I took a risk by running the program but I was desperate. I did run the script according to the directions you posted. After combo fix was running a file popped up in notepad that said "upload successful" or something similar. It sat there for a long time while this file was open and did nothing so I powered off the computer and restarted the machine and found the combofix.txt file on the c: drive. Did the program finish running properly?? The results are below:

ComboFix 09-11-01.04 - chris 11/02/2009 8:35.2.2 - NTFSx86
Microsoft Windows XP Professional 5.1.2600.2.1252.1.1033.18.3582.2833 [GMT -5:00]
Running from: c:\documents and settings\chris\Desktop\Combo-Fix.exe
Command switches used :: c:\documents and settings\chris\Desktop\CFScript.txt
AV: AVG Anti-Virus Free *On-access scanning disabled* (Updated) {17DDD097-36FF-435F-9E1B-52D74245D6BF}
* Created a new restore point

FILE ::
"c:\windows\Dhaxolacihirew.bin"
"c:\windows\system32\4B6.tmp"
"c:\windows\system32\4B7.tmp"
"c:\windows\win32k.sys"

file zipped: c:\windows\system32\luhonaki.dll
file zipped: c:\windows\Udefobuhuwonez.dat
.

((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.

c:\documents and settings\All Users\Application Data\00da785
c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}
c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}\chrome.manifest
c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}\chrome\content\_cfg.js
c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}\chrome\content\overlay.xul
c:\documents and settings\chris\Local Settings\Application Data\{E049AB4B-5A77-4F13-A226-1B7276EAE703}\install.rdf
c:\windows\Dhaxolacihirew.bin
c:\windows\system32\4B6.tmp
c:\windows\system32\4B7.tmp
c:\windows\system32\luhonaki.dll
c:\windows\Udefobuhuwonez.dat

.
--------------- FCopy ---------------

c:\windows\System32\logevent.dll --> c:\windows\system32\eventlog.dll
.
((((((((((((((((((((((((( Files Created from 2009-10-02 to 2009-11-02 )))))))))))))))))))))))))))))))
.

2009-11-02 13:35 . 2004-08-04 10:00 55808 ----a-w- c:\windows\system32\eventlog.dll
2009-11-02 13:35 . 2004-08-04 10:00 55808 ----a-w- c:\windows\system32\dllcache\eventlog.dll
2009-10-31 16:52 . 2009-10-31 16:53 -------- d-----w- c:\documents and settings\chris\Local Settings\Application Data\Temp
2009-10-31 03:30 . 2009-10-31 02:55 15880 ----a-w- c:\windows\system32\lsdelete.exe
2009-10-31 02:56 . 2009-09-23 12:55 64288 ----a-w- c:\windows\system32\drivers\Lbd.sys
2009-10-31 02:52 . 2009-10-31 02:52 -------- dc-h--w- c:\documents and settings\All Users\Application Data\{CFBD8779-FAAB-4357-84F2-1EC8619FADA6}
2009-10-30 13:06 . 2009-10-30 13:06 -------- d-----w- c:\documents and settings\chris\Local Settings\Application Data\PCHealth
2009-10-30 04:20 . 2009-10-30 04:20 93360 ----a-w- c:\windows\system32\drivers\SBREDrv.sys
2009-10-30 03:08 . 2009-10-30 03:08 -------- d-----w- c:\program files\GiPo@Utilities
2009-10-30 03:08 . 2009-10-30 03:08 -------- d-----w- c:\program files\Common Files\Gibinsoft Shared
2009-10-29 20:39 . 2009-10-29 20:39 -------- d-----w- c:\documents and settings\chris\Application Data\GARMIN
2009-10-29 20:32 . 2009-10-29 20:32 -------- d-----w- c:\documents and settings\All Users\Application Data\F-Secure
2009-10-29 18:44 . 2009-10-29 18:48 -------- d-----w- C:\CNNANT2009
2009-10-29 18:44 . 2009-10-29 18:44 -------- d-----w- C:\WebUpdater
2009-10-29 18:44 . 2009-10-29 18:51 -------- d-----w- C:\MapSource
2009-10-29 16:10 . 2009-10-29 16:10 -------- d-----w- c:\program files\Trend Micro
2009-10-29 04:48 . 2009-10-29 04:48 -------- d-----w- c:\documents and settings\chris\Application Data\Malwarebytes
2009-10-29 04:47 . 2009-09-10 18:54 38224 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-10-29 04:47 . 2009-10-31 03:50 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-10-29 04:47 . 2009-10-29 04:47 -------- d-----w- c:\documents and settings\All Users\Application Data\Malwarebytes
2009-10-29 04:47 . 2009-09-10 18:53 19160 ----a-w- c:\windows\system32\drivers\mbam.sys

.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-10-31 02:52 . 2007-11-20 13:19 -------- d-----w- c:\program files\Lavasoft
2009-10-31 02:52 . 2007-11-20 13:19 -------- d-----w- c:\documents and settings\All Users\Application Data\Lavasoft
2009-10-31 02:47 . 2008-06-02 16:14 1338192 ----a-w- c:\documents and settings\LocalService\Local Settings\Application Data\FontCache3.0.0.0.dat
2009-10-30 14:06 . 2007-11-05 16:25 101792 ----a-w- c:\documents and settings\chris\Local Settings\Application Data\GDIPFONTCACHEV1.DAT
2009-10-30 12:53 . 2007-10-28 13:31 -------- d-----w- c:\documents and settings\All Users\Application Data\Microsoft Help
2009-10-30 12:29 . 2007-10-23 20:23 154933 ----a-w- c:\windows\system32\nvModes.dat
2009-10-30 00:23 . 2007-11-07 03:54 -------- d-----w- c:\documents and settings\chris\Application Data\BitTorrent
2009-10-29 20:19 . 2008-06-02 17:24 -------- d-----w- c:\program files\AutoCAD Civil 3D 2009
2009-10-29 19:35 . 2007-10-31 12:34 -------- d-----w- c:\documents and settings\All Users\Application Data\BVRP Software
2009-10-29 19:33 . 2007-11-04 03:31 -------- d-----w- c:\program files\Real
2009-10-29 19:33 . 2007-11-04 03:31 -------- d-----w- c:\program files\Common Files\Real
2009-10-29 13:29 . 2008-09-06 16:15 -------- d-----w- c:\documents and settings\chris\Application Data\GoodSync
2009-10-21 16:25 . 2007-11-04 15:15 -------- d-----w- c:\documents and settings\All Users\Application Data\FLEXnet
2009-10-20 19:59 . 2008-02-12 21:56 -------- d-----w- c:\program files\Hydraflow Storm Sewers Extension for AutoCAD Civil 3D 2008
2009-09-20 19:13 . 2009-09-20 19:13 -------- d-----w- c:\documents and settings\chris\Application Data\com.directv.supercast.AA1ECC8BBAFE4E1BBF2D418DC006AF207FACE6CA.1
2009-09-20 19:13 . 2009-09-20 19:13 -------- d-----w- c:\program files\Common Files\Adobe AIR
2009-09-20 19:13 . 2009-09-20 19:13 -------- d-----w- c:\program files\DIRECTV
2009-09-08 12:13 . 2007-11-05 15:41 -------- d-----w- c:\documents and settings\chris\Application Data\Wave Systems Corp
2009-08-17 21:28 . 2008-07-08 22:18 11952 ----a-w- c:\windows\system32\avgrsstx.dll
2009-08-17 21:28 . 2008-07-08 22:18 335240 ----a-w- c:\windows\system32\drivers\avgldx86.sys
2009-08-17 21:28 . 2007-11-09 14:23 27784 ----a-w- c:\windows\system32\drivers\avgmfx86.sys
2009-08-12 12:00 . 2008-08-19 05:34 664 ----a-w- c:\windows\system32\d3d9caps.dat
2007-10-29 01:20 . 2007-10-29 01:20 1898 ----a-w- c:\program files\VTPSUHM7.lnk
2008-04-29 01:09 . 2007-10-28 05:03 67696 ----a-w- c:\program files\mozilla firefox\components\jar50.dll
2008-04-29 01:09 . 2007-10-28 05:03 54376 ----a-w- c:\program files\mozilla firefox\components\jsd3250.dll
2008-04-29 01:09 . 2007-10-28 05:03 34952 ----a-w- c:\program files\mozilla firefox\components\myspell.dll
2008-04-29 01:09 . 2007-10-28 05:03 46720 ----a-w- c:\program files\mozilla firefox\components\spellchk.dll
2008-04-29 01:09 . 2007-10-28 05:03 172144 ----a-w- c:\program files\mozilla firefox\components\xpinstal.dll
.

((((((((((((((((((((((((((((( SnapShot@2009-10-30_15.12.47 )))))))))))))))))))))))))))))))))))))))))
.
+ 2004-08-11 22:00 . 2009-11-02 12:17 80294 c:\windows\system32\perfc009.dat
- 2004-08-11 22:00 . 2009-10-30 15:05 80294 c:\windows\system32\perfc009.dat
- 2009-10-30 04:20 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
+ 2009-10-31 02:56 . 2009-09-23 12:55 64288 c:\windows\system32\DRVSTORE\lbd_B425E86B28F27CC7F4A0CAF275F9F2789F3C6909\Lbd.sys
- 2007-10-26 20:51 . 2009-10-30 15:01 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-26 20:51 . 2009-10-31 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\Temporary Internet Files\Content.IE5\index.dat
+ 2007-10-26 20:51 . 2009-10-31 03:37 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
- 2007-10-26 20:51 . 2009-10-30 15:01 32768 c:\windows\system32\config\systemprofile\Local Settings\History\History.IE5\index.dat
+ 2009-10-31 03:37 . 2009-10-31 03:37 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
- 2007-10-26 20:51 . 2009-10-30 15:01 16384 c:\windows\system32\config\systemprofile\Cookies\index.dat
+ 2009-10-31 16:53 . 2009-10-31 16:53 22528 c:\windows\Installer\e47c43.msi
- 2004-08-11 22:00 . 2009-10-30 15:05 474178 c:\windows\system32\perfh009.dat
+ 2004-08-11 22:00 . 2009-11-02 12:17 474178 c:\windows\system32\perfh009.dat
+ 2009-06-18 15:02 . 2009-11-02 12:13 202231 c:\windows\system32\inetsrv\MetaBase.bin
+ 2009-10-31 02:52 . 2009-10-31 02:52 1861120 c:\windows\Installer\350d8.msi
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4

[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"H/PC Connection Agent"="c:\program files\Microsoft ActiveSync\wcescomm.exe" [2006-11-13 1289000]

[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IntelZeroConfig"="c:\program files\Intel\Wireless\bin\ZCfgSvc.exe" [2007-02-21 819200]
"IntelWireless"="c:\program files\Intel\Wireless\Bin\ifrmewrk.exe" [2007-02-21 970752]
"CanonMyPrinter"="c:\program files\Canon\MyPrinter\BJMyPrt.exe" [2007-04-04 1603152]
"Synchronization Manager"="c:\windows\system32\mobsync.exe" [2004-08-04 143360]
"V0350Mon.exe"="c:\windows\V0350Mon.exe" [2007-06-04 32768]
"AVG8_TRAY"="c:\progra~1\AVG\AVG8\avgtray.exe" [2009-10-16 2025752]
"BrMfcWnd"="c:\program files\Brother\Brmfcmon\BrMfcWnd.exe" [2007-03-05 630784]
"PPort11reminder"="c:\program files\ScanSoft\PaperPort\Ereg\Ereg.exe" [2007-02-01 255528]
"Malwarebytes Anti-Malware (reboot)"="c:\program files\Malwarebytes' Anti-Malware\mbam.exe" [2009-09-10 1312080]

c:\documents and settings\All Users\Start Menu\Programs\Startup\
Bluetooth.lnk - c:\program files\WIDCOMM\Bluetooth Software\BTTray.exe [2006-5-24 622653]
Digital Line Detect.lnk - c:\program files\Digital Line Detect\DLG.exe [2007-10-23 50688]

[HKEY_LOCAL_MACHINE\software\microsoft\windows\currentversion\policies\explorer]
"NoWelcomeScreen"= 1 (0x1)

[HKEY_CURRENT_USER\software\microsoft\windows\currentversion\policies\explorer]
"DisablePersonalDirChange"= 1 (0x1)

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\avgrsstarter]
2009-08-17 21:28 11952 ----a-w- c:\windows\system32\avgrsstx.dll

[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\windows]
"AppInit_DLLs"=c:\windows\system32\wxvault.dll

[HKEY_LOCAL_MACHINE\system\currentcontrolset\control\lsa]
Authentication Packages REG_MULTI_SZ msv1_0 wvauth

[HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\SafeBoot\Minimal\Lavasoft Ad-Aware Service]
@="Service"

[HKLM\~\startupfolder\C:^Documents and Settings^All Users^Start Menu^Programs^Startup^Canon iC D800 Status Window.LNK]
path=c:\documents and settings\All Users\Start Menu\Programs\Startup\Canon iC D800 Status Window.LNK
backup=c:\windows\pss\Canon iC D800 Status Window.LNKCommon Startup

[HKLM\~\startupfolder\C:^Documents and Settings^user^Start Menu^Programs^Startup^OneNote 2007 Screen Clipper and Launcher.lnk]
path=c:\documents and settings\user\Start Menu\Programs\Startup\OneNote 2007 Screen Clipper and Launcher.lnk
backup=c:\windows\pss\OneNote 2007 Screen Clipper and Launcher.lnkStartup

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\OUTLOOK.EXE"=
"c:\program files\Microsoft ActiveSync\rapimgr.exe"= c:\program files\Microsoft ActiveSync\rapimgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync RAPI Manager
"c:\program files\Microsoft ActiveSync\wcescomm.exe"= c:\program files\Microsoft ActiveSync\wcescomm.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Connection Manager
"c:\program files\Microsoft ActiveSync\WCESMgr.exe"= c:\program files\Microsoft ActiveSync\WCESMgr.exe:169.254.2.0/255.255.255.0:Enabled:ActiveSync Application
"c:\\Program Files\\BitTorrent_DNA\\dna.exe"=
"c:\\Program Files\\BitTorrent\\bittorrent.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\GROOVE.EXE"=
"c:\\Program Files\\Microsoft Office\\Office12\\ONENOTE.EXE"=
"c:\\Program Files\\TVUPlayer\\TVUPlayer.exe"=
"c:\\Program Files\\TVAnts\\Tvants.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqscnvw.exe"=
"c:\\Program Files\\HP\\Digital Imaging\\bin\\hpqkygrp.exe"=
"c:\\Program Files\\Microsoft Office\\Office12\\MSPUB.EXE"=
"c:\\Program Files\\Microsoft Office\\Live Meeting 8\\Console\\PWConsole.exe"=
"c:\\Program Files\\AVG\\AVG8\\avgupd.exe"=
"c:\\Program Files\\SopCast\\adv\\SopAdver.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\Program Files\\SopCast\\SopCast.exe"=
"c:\\WINDOWS\\system32\\HPZipm12.exe"=
"c:\\WINDOWS\\system32\\KADxMain.exe"=
"c:\\WINDOWS\\system32\\mshta.exe"=
"c:\\Program Files\\Dell\\QuickSet\\NicConfigSvc.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\RegSrvc.exe"=
"c:\\Program Files\\Internet Explorer\\Connection Wizard\\icwconn1.exe"=
"c:\\Program Files\\WIDCOMM\\Bluetooth Software\\bin\\btwdins.exe"=
"c:\\Program Files\\Intel\\Wireless\\Bin\\iFrmewrk.exe"=

[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"26675:TCP"= 26675:TCP:169.254.2.0/255.255.255.0:Enabled:ActiveSync Service

R0 Lbd;Lbd;c:\windows\system32\drivers\Lbd.sys [10/30/2009 9:56 PM 64288]
R1 AvgLdx86;AVG AVI Loader Driver x86;c:\windows\system32\drivers\avgldx86.sys [7/8/2008 5:18 PM 335240]
R2 ASFIPmon;Broadcom ASF IP and SMBIOS Mailbox Monitor;c:\program files\Broadcom\ASFIPMon\AsfIpMon.exe [12/19/2006 2:21 PM 79432]
R2 avg8wd;AVG8 WatchDog;c:\progra~1\AVG\AVG8\avgwdsvc.exe [7/8/2008 5:17 PM 297752]
R2 Lavasoft Ad-Aware Service;Lavasoft Ad-Aware Service;c:\program files\Lavasoft\Ad-Aware\AAWService.exe [9/24/2009 6:17 AM 1179232]
R2 Wave UCSPlus;Wave UCSPlus;c:\windows\system32\dllhost.exe [8/11/2004 5:00 PM 5120]
R3 DXEC01;DXEC01;c:\windows\system32\drivers\dxec01.sys [11/2/2006 12:32 PM 97536]
S2 gupdate1c9bf712bbd6754;Google Update Service (gupdate1c9bf712bbd6754);c:\program files\Google\Update\GoogleUpdate.exe [4/17/2009 10:28 AM 133104]
S3 F-Secure Standalone Minifilter;F-Secure Standalone Minifilter;\??\c:\docume~1\chris\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys --> c:\docume~1\chris\LOCALS~1\Temp\OnlineScanner\Anti-Virus\fsgk.sys [?]
S3 VF0350Afx;VF0350 Audio FX;c:\windows\system32\drivers\V0350Afx.sys [2/22/2008 7:59 AM 142656]
S3 VF0350Vfx;VF0350 Video FX;c:\windows\system32\drivers\V0350Vfx.sys [2/22/2008 7:59 AM 7424]
S3 VF0350Vid;Live! Cam Video IM (VF0350);c:\windows\system32\drivers\V0350Vid.sys [2/22/2008 7:59 AM 170368]

--- Other Services/Drivers In Memory ---

*NewlyCreated* - PROCEXP113
*Deregistered* - mbr
*Deregistered* - PROCEXP113
.
Contents of the 'Scheduled Tasks' folder

2009-11-02 c:\windows\Tasks\Ad-Aware Update (Weekly).job
- c:\program files\Lavasoft\Ad-Aware\Ad-AwareAdmin.exe [2009-10-01 02:53]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineCore1ca5a4aa2b06c52.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 15:28]

2009-10-31 c:\windows\Tasks\GoogleUpdateTaskMachineUA.job
- c:\program files\Google\Update\GoogleUpdate.exe [2009-04-17 15:28]
.
.
------- Supplementary Scan -------
.
uStart Page = hxxp://www.yahoo.com/
mStart Page = hxxp://www.yahoo.com
mSearch Bar = hxxp://www.starbarsearch.com/?useie5=1&q=
IE: Append to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert link target to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert link target to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert selected links to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECaptureSelLinks.html
IE: Convert selected links to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppendSelLinks.html
IE: Convert selection to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: Convert selection to existing PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIEAppend.html
IE: Convert to Adobe PDF - c:\program files\Adobe\Acrobat 8.0\Acrobat\AcroIEFavClient.dll/AcroIECapture.html
IE: E&xport to Microsoft Excel - c:\progra~1\MICROS~2\Office12\EXCEL.EXE/3000
IE: Send to &Bluetooth Device... - c:\program files\WIDCOMM\Bluetooth Software\btsendto_ie_ctx.htm
LSP: c:\windows\system32\biolsp.dll
Trusted Zone: wsscwater.com\www01
DPF: {20DABCB5-AB70-4E2B-BCA9-17155D5CF583} - hxxp://planroom.accu-copy.com/reprocentral/Resources/Help/en/helpLauncher.cab
DPF: {E76A19A9-B579-4FF7-8857-7D79B22F8D45} - hxxp://planroom.accu-copy.com/reprocentral/Resources/BravaClient/en/BravaClientX.cab
FF - ProfilePath - c:\documents and settings\chris\Application Data\Mozilla\Firefox\Profiles\weengg8f.default\
FF - prefs.js: browser.startup.homepage - hxxp://www.yahoo.com
FF - component: c:\program files\AVG\AVG8\Firefox\components\avgssff.dll
FF - component: c:\program files\Mozilla Firefox\components\xpinstal.dll

---- FIREFOX POLICIES ----
FF - user.js: security.checkloaduri - false//created by prizm
.

**************************************************************************

catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-11-02 08:41
Windows 5.1.2600 Service Pack 2 NTFS

scanning hidden processes ...

scanning hidden autostart entries ...

scanning hidden files ...

scan completed successfully
hidden files: 0

**************************************************************************
.
--------------------- DLLs Loaded Under Running Processes ---------------------

- - - - - - - > 'winlogon.exe'(808)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll

- - - - - - - > 'lsass.exe'(868)
c:\windows\system32\wxvault.dll
c:\windows\system32\detoured.dll
c:\windows\system32\wvauth.dll
c:\windows\system32\biolsp.dll
.
Completion time: 2009-11-02 8:42
ComboFix-quarantined-files.txt 2009-11-02 13:42
ComboFix2.txt 2009-10-30 15:16

Pre-Run: 33,516,605,440 bytes free
Post-Run: 34,094,551,040 bytes free

- - End Of File - - 7DD71A1AC2BB2767A5D65179D3DECE11
Upload was successful
Old 11-02-2009, 10:18 AM   #4 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,104
OS: XP sp3


Re: Major Virus/Spyware Problems

Hi,

ComboFix ran correctly:

Please open your MalwareBytes Program and run it. Allow it to delete anything detected and post the log.

If it is still locked down...do the following:

Download Inherit and save it to your desktop
Drag each of the exe files that you are unable to run into Inherit.exe (must be the exe - not the shortcut) (MBAM.exe)
Then wait for it to say "OK"


NEXT


Do the following


Using Internet Explorer or Firefox, visit Kaspersky On-line Scanner

1. Click Accept, when prompted to download and install the program files and database of malware definitions.
2. To optimize scanning time and produce a more sensible report for review:
  • Close any open programs
  • Turn off the real time scanner of any existing antivirus program while performing the online scan
3. Click Run at the Security prompt.
The program will then begin downloading and installing and will also update the database.
Please be patient as this can take quite a long time to download.
  • Once the update is complete, click on My Computer under the green Scan bar to the left to start the scan.
  • Once the scan is complete, it will display if your system has been infected. It does not provide an option to clean/disinfect. We only require a report from it.
  • Do NOT be alarmed by what you see in the report. Many of the finds have likely been quarantined.
  • Click View scan report at the bottom.


  • Click the Save as Text button to save the file to your desktop so that you may post it in your next reply
__________________


ASAP & UNITE Member
Old 11-02-2009, 02:09 PM   #5 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: XP Professional


Re: Major Virus/Spyware Problems

Currently running the Kaspersky test...

At last...I may be getting close to being free from this thing!! Thank you!

Below is the Malwarebytes scan:

Malwarebytes' Anti-Malware 1.41
Database version: 3064
Windows 5.1.2600 Service Pack 2

11/2/2009 2:56:40 PM
mbam-log-2009-11-02 (14-56-40).txt

Scan type: Full Scan (C:\|)
Objects scanned: 236419
Time elapsed: 40 minute(s), 43 second(s)

Memory Processes Infected: 0
Memory Modules Infected: 0
Registry Keys Infected: 0
Registry Values Infected: 0
Registry Data Items Infected: 0
Folders Infected: 0
Files Infected: 0

Memory Processes Infected:
(No malicious items detected)

Memory Modules Infected:
(No malicious items detected)

Registry Keys Infected:
(No malicious items detected)

Registry Values Infected:
(No malicious items detected)

Registry Data Items Infected:
(No malicious items detected)

Folders Infected:
(No malicious items detected)

Files Infected:
(No malicious items detected)
Old 11-02-2009, 06:24 PM   #6 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: XP Professional


Re: Major Virus/Spyware Problems

Results from Kaspersky:

--------------------------------------------------------------------------------
KASPERSKY ONLINE SCANNER 7.0: scan report
Monday, November 2, 2009
Operating system: Microsoft Windows XP Professional Service Pack 2 (build 2600)
Kaspersky Online Scanner version: 7.0.26.13
Last database update: Monday, November 02, 2009 20:50:32
Records in database: 3115501
--------------------------------------------------------------------------------

Scan settings:
scan using the following database: extended
Scan archives: yes
Scan e-mail databases: yes

Scan area - My Computer:
C:\
D:\
E:\
Z:\

Scan statistics:
Objects scanned: 130667
Threats found: 11
Infected objects found: 16
Suspicious objects found: 0
Scan duration: 03:05:36


File name / Infected: / Threats count
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-74d12ae4.zip Infected: Exploit.Java.Gimsh.b 1
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Infected: Trojan.Win32.FraudPack.yei 1
C:\Qoobox\Quarantine\C\WINDOWS\msb.exe.vir Infected: Packed.Win32.Krap.ag 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.u 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\kanewumu.dll.vir Infected: Packed.Win32.Katusha.g 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\yahosuze.dll.vir Infected: Packed.Win32.Katusha.g 1
C:\RECYCLER\S-1-5-21-2093929306-1318401717-3400091574-1006\Dc5\Content.IE5\ATUNA1IJ\ctxad-572[1].0000 Infected: Backdoor.Win32.Small.fmd 1
C:\RECYCLER\S-1-5-21-2093929306-1318401717-3400091574-1006\Dc5\Content.IE5\IJOLA5U7\gepj[1] Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000054.exe Infected: Trojan.Win32.FraudPack.yei 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000055.exe Infected: Packed.Win32.Krap.ag 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000063.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP1\A0000073.dll Infected: Packed.Win32.Katusha.g 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000352.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000352.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000353.exe Infected: Trojan-Downloader.Win32.PurityScan.ff 1
C:\WINDOWS\SC.INS Infected: Trojan.Win32.Pasta.dgz 1

Selected area has been scanned.
Old 11-03-2009, 05:35 PM   #7 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,104
OS: XP sp3


Re: Major Virus/Spyware Problems

Hi,

Please do the following:

Clear Sun Java cache

Go into the Control Panel and double-click the Java Icon. (looks like a coffee cup) If you do not see the icon, look to your left and click 'Switch to Classic View'.
  • On the General tab, under Temporary Internet Files, click the Settings button.
  • Next, click on the Delete Files button
  • There are two options in the window to clear the cache - Leave BOTH Checked
    • Applications and Applets
    • Trace and Log Files
  • Click OK on Delete Temporary Files Window
    Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
  • Click OK to leave the Temporary Files Window
  • Click OK to leave the Java Control Panel.


NEXT
  1. Go to Start->Run and type in notepad and hit OK.
  2. Then copy and paste the content of the following codebox into Notepad:

    Code:
    @echo off
    if exist results.txt del results.txt
    FOR %%H IN (
    "C:\RECYCLER\S-1-5-21-2093929306-1318401717-3400091574-1006\Dc5\Content.IE5\ATUNA1IJ\ctxad-572[1].0000"
    "C:\RECYCLER\S-1-5-21-2093929306-1318401717-3400091574-1006\Dc5\Content.IE5\IJOLA5U7\gepj[1]"
    "C:\WINDOWS\SC.INS"
    ) DO (
    attrib -r -h -s %%H
    del /q /f %%H >> results.txt 2>>&1
    )
    start notepad results.txt
    del %0
  3. Save the file to your DESKTOP as "find.bat". Make sure to save it with the quotes.
  4. Once saved, the icon to click should look like this on your desktop:


  5. Double click find.bat to run it. A small black box should open and close - this is normal.
  6. Please post the content of results.txt


NEXT

Please download DDS from LINK 1 or LINK 2
and save it to your desktop.
  • Disable any script blocking protection
  • Double click dds.pif to run the tool.
  • When done, two DDS.txt's will open.
  • Save both reports to your desktop.
---------------------------------------------------
Please include the contents of the following in your next reply:

DDS.txt
Attach.txt.
__________________


ASAP & UNITE Member
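
Added example, not part of the original thread: a short Python triage of the Kaspersky report from post #6, grouping each detection by where the file sits (ComboFix's Qoobox quarantine, a System Restore point, the Recycle Bin, the Java cache, or a live path). The paths it flags are the ones the reply above handles through the Java cache clear and find.bat; the category names and the choice of which locations count as actionable are assumptions of this example.

```python
import re
from collections import defaultdict, namedtuple

# Eight detection lines copied from the Kaspersky Online Scanner report in
# post #6, at least one per location type; the rest of the report is omitted.
REPORT = r"""
File name / Infected: / Threats count
C:\Documents and Settings\user\Application Data\Sun\Java\Deployment\cache\javapi\v1.0\jar\jvmimpro.jar-6b13a7e7-74d12ae4.zip Infected: Exploit.Java.Gimsh.b 1
C:\Qoobox\Quarantine\C\WINDOWS\msa.exe.vir Infected: Trojan.Win32.FraudPack.yei 1
C:\Qoobox\Quarantine\C\WINDOWS\system32\drivers\atapi.sys.vir Infected: Rootkit.Win32.TDSS.u 1
C:\RECYCLER\S-1-5-21-2093929306-1318401717-3400091574-1006\Dc5\Content.IE5\ATUNA1IJ\ctxad-572[1].0000 Infected: Backdoor.Win32.Small.fmd 1
C:\RECYCLER\S-1-5-21-2093929306-1318401717-3400091574-1006\Dc5\Content.IE5\IJOLA5U7\gepj[1] Infected: Trojan.Win32.Monder.gen 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000352.exe Infected: not-a-virus:PSWTool.Win32.RAS.g 1
C:\System Volume Information\_restore{46DE8921-1D39-44D2-A9E9-64119261F211}\RP2\A0000352.exe Infected: not-a-virus:PSWTool.Win32.RAS.a 1
C:\WINDOWS\SC.INS Infected: Trojan.Win32.Pasta.dgz 1

Selected area has been scanned.
"""

Detection = namedtuple("Detection", "path threat count")

# "<path> Infected: <threat name> <count>"; paths may contain spaces.
DETECTION = re.compile(
    r"^(?P<path>[A-Za-z]:\\.+?)\s+Infected:\s+(?P<threat>\S+)\s+(?P<count>\d+)\s*$"
)
DRIVE_PATH = re.compile(r"^[A-Za-z]:\\")

# First matching rule wins; anything unmatched is treated as a live file.
# The category names are this example's own labels.
LOCATION_RULES = [
    ("quarantine", re.compile(r"^[a-z]:\\qoobox\\quarantine\\", re.I)),
    ("restore_point",
     re.compile(r"^[a-z]:\\system volume information\\_restore\{", re.I)),
    ("recycle_bin", re.compile(r"^[a-z]:\\recycler\\", re.I)),
    ("java_cache", re.compile(r"\\sun\\java\\deployment\\cache\\", re.I)),
]

# Assumption of this example: quarantine and restore-point copies are left to
# the tool that owns them, so only these locations are listed for action.
ACTIONABLE = ("recycle_bin", "java_cache", "live")


def parse_report(text):
    """Return (detections, unparsed).

    unparsed collects lines that look like a detection (drive path plus
    "Infected:") but do not fit the expected layout, so nothing is dropped
    silently.
    """
    detections, unparsed = [], []
    for raw in text.splitlines():
        line = raw.strip()
        m = DETECTION.match(line)
        if m:
            detections.append(Detection(m["path"], m["threat"], int(m["count"])))
        elif DRIVE_PATH.match(line) and "Infected:" in line:
            unparsed.append(line)
    return detections, unparsed


def classify(path):
    """Map a reported path to a location category."""
    for name, rule in LOCATION_RULES:
        if rule.search(path):
            return name
    return "live"


def triage(detections):
    """Group as {category: {path: [threat names]}}, one entry per file."""
    groups = defaultdict(dict)
    for d in detections:
        groups[classify(d.path)].setdefault(d.path, []).append(d.threat)
    return {cat: dict(paths) for cat, paths in groups.items()}


def needs_action(groups):
    """Paths outside quarantine and restore points, grouped by category."""
    return [p for cat in ACTIONABLE for p in groups.get(cat, {})]


if __name__ == "__main__":
    found, unparsed = parse_report(REPORT)
    groups = triage(found)
    for cat, paths in groups.items():
        print(f"{cat}: {len(paths)} file(s)")
    for p in needs_action(groups):
        print("review:", p)
    for line in unparsed:
        print("could not parse:", line)
```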
Old 11-03-2009, 08:23 PM   #8 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: XP Professional


Re: Major Virus/Spyware Problems

Thank you again for your help. The results from running the "find.bat" were empty and nothing was in it. The results from the other two are attached per the results instructions.
Attached Files
File Type: zip DDS.zip (5.1 KB, 1 views)
File Type: zip Attach.zip (5.4 KB, 2 views)
Old 11-04-2009, 03:00 AM   #9 (permalink)
Analyst, Security Team
 
 
Join Date: Jan 2009
Location: Canada
Posts: 2,104
OS: XP sp3


Re: Major Virus/Spyware Problems

Hi,

Your logs are clean,

Just some housekeeping to do now,

Please do the following:


Your Java is out of date. Older versions have vulnerabilities that malware can use to infect your system.
Please follow these steps to remove older version Java components and update.
  • Download the latest version of Java Runtime Environment (JRE) 6 and save it to your desktop.
  • Scroll down to where it says "Java SE Runtime Environment (JRE) 6 Update 17. The Java SE Runtime Environment (JRE) allows end-users to run Java applications."
  • Click the "Download" button to the right.
  • Select the Windows platform from the dropdown menu.
  • Read the License Agreement and then check the box that says: "I agree to the Java SE Runtime Environment 6 with JavaFX License Agreement". Click on Continue. The page will refresh.
  • Click on the link to download Windows Offline Installation and save the file to your desktop.
  • Close any programs you may have running - especially your web browser.
  • Now go to Start > Settings > Control Panel, double-click on Add/Remove Programs and remove all older versions of Java.
  • Check (highlight) any item with Java Runtime Environment (JRE or J2SE or Java(TM) 6) in the name.
  • Click the Remove or Change/Remove button.
  • Repeat as many times as necessary to remove each Java version.
  • Reboot your computer once all Java components are removed.
  • Then from your desktop double-click on jre-6u17-windows-i586-p.exe to install the newest version.
  • After the install is complete, go into the Control Panel (using Classic View) and double-click the Java Icon. (looks like a coffee cup)
    • On the General tab, under Temporary Internet Files, click the Settings button.
    • Next, click on the Delete Files button
    • There are two options in the window to clear the cache - Leave BOTH Checked
      • Applications and Applets
      • Trace and Log Files
    • Click OK on Delete Temporary Files Window

      Note: This deletes ALL the Downloaded Applications and Applets from the CACHE.
    • Click OK to leave the Temporary Files Window
    • Click OK to leave the Java Control Panel.



NEXT


You can delete the DDS folder from your desktop.


NEXT


Follow these steps to uninstall Combofix
  • Click START then RUN
  • Now type Combofix /uninstall in the runbox and click OK. Note the space between the ..X and the /U, it needs to be there.





Should you wish to contribute to the ongoing development of ComboFix, donations are being accepted via PayPal.

NEXT


Below I have included a number of recommendations for how to protect your computer against malware infections.
  • It is good security practice to change your passwords to all your online accounts on a fairly regular basis, this is especially true after an infection. Refer to this Microsoft article
    Strong passwords: How to create and use them
    Then consider a password keeper, to keep all your passwords safe.

  • Keep Windows updated by regularly checking their website at :
    http://windowsupdate.microsoft.com/
    This will ensure your computer always has the latest available security updates installed.

  • SpywareBlaster protects against bad ActiveX, it immunizes your PC against them.

  • SpywareGuard offers realtime protection from spyware installation attempts. Make sure you are only running one real-time anti-spyware protection program ( eg : TeaTimer, Windows Defender ) or there will be a conflict.

  • Make Internet Explorer more secure
    • Click Start > Run
    • Type Inetcpl.cpl & click OK
    • Click on the Security tab
    • Click Reset all zones to default level
    • Make sure the Internet Zone is selected & Click Custom level
    • In the ActiveX section, set the first two options ("Download signed and unsigned ActiveX controls") to "Prompt", and ("Initialize and Script ActiveX controls not marked as safe") to "Disable".
    • Next Click OK, then Apply button and then OK to exit the Internet Properties page.
  • ATF Cleaner - Cleans temporary files from IE and Windows, empties the recycle bin and more. Great tool to help speed up your computer and knock out those nasties that like to reside in the temp folders.

  • MVPS Hosts file replaces your current HOSTS file with one containing well known ad sites and other bad sites. Basically, this prevents your computer from connecting to those sites by redirecting them to 127.0.0.1 which is your local computer, meaning it will be difficult to infect yourself in the future.

  • WOT, Web of Trust, warns you about risky websites that try to scam visitors, deliver malware or send spam. Protect your computer against online threats by using WOT as your front-line layer of protection when browsing or searching in unfamiliar territory. WOT's color-coded icons show you ratings for 21 million websites, helping you avoid the dangerous sites:
    • Green to go
    • Yellow for caution
    • Red to stop
    WOT has an addon available for both Firefox and IE

  • For Firefox, I highly recommend this add-on to keep your PC even more secure.
    • NoScript - for blocking ads and other potential website attacks
  • Keep a backup of your important files - Now, more than ever, it's especially important to protect your digital files and memories. This article is full of good information on alternatives for home backup solutions.
  • ERUNT (Emergency Recovery Utility NT) allows you to keep a complete backup of your registry and restore it when needed. The standard registry backup options that come with Windows back up most of the registry but not all of it. ERUNT however creates a complete backup set, including the Security hive and user related sections. ERUNT is easy to use and since it creates a full backup, there are no options or choices other than to select the location of the backup files. The backup set includes a small executable that will launch the registry restore if needed.
  • In light of your recent issue, I'm sure you'd like to avoid any future infections. Please take a look at these well written articles:
    Think Prevention.
    PC Safety and Security--What Do I Need?.


**Be very wary with any security software that is advertised in popups or in other ways. They are not only usually of no use, but often have malware in them.


Thank you for your patience, and performing all of the procedures requested.

Please respond one last time so we can consider the thread resolved and close it, thank you.
__________________


ASAP & UNITE Member

Last edited by CatByte; 11-04-2009 at 03:18 AM.
Old 11-04-2009, 05:58 AM   #10 (permalink)
Registered User
 
Join Date: Oct 2009
Posts: 6
OS: XP Professional


Re: Major Virus/Spyware Problems

Thank you tremendously for your help and assistance!! I have completed all of the above steps and will be looking into the recommendations for future protection later today. Thanks again to you and this wonderful website!
Old 11-07-2009, 03:42 AM   #11 (permalink)
Moderator, Analyst, Security Team ; Rangemaster, TSF Academy
 
 
Join Date: Jun 2006
Location: USA
Posts: 7,405
OS: XP SP3


Re: Major Virus/Spyware Problems

Since this issue appears resolved, this topic will now be archived. If you need continued support, please begin a new thread, and provide a link to this topic. This applies only to the original topic starter. Everyone else please begin a New Topic, after following the steps outlined here:

http://www.techsupportforum.com/secu...oval-help.html
__________________
My services are free. However, you can donate to TSF to help keep it running.




Member of ASAP since 2005
Member of UNITE since 2006
 





All times are GMT -7.



Copyright 2001 - 2009, Tech Support Forum