Looks like you're enjoying the discussion, but you're not signed up for an account. When you create an account, we remember exactly what you've read, so you always come right back where you left off. You also get notifications, here and via email, whenever new posts are made. You can like posts to share the love. 
Join 
This topic is locked
I was experiencing problems with a virus / spyware program that couldn't be deleted by MS Anti Spyware, or any other thing I had tried.
After the reboot of combofix, I didnt get the warning from AVG Anti virus or MS Anti Spyware about the Motopoto or something like that.
Heres my log.
ComboFix 07-12-08.1 - Owner 2001-01-04 23:31:40.1 - NTFSx86
Running from: C:\Documents and Settings\Owner\Desktop\ComboFix.exe
* Created a new restore point
.
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
C:\WINDOWS\system32\kjllm.bak1
C:\WINDOWS\system32\kjllm.bak2
C:\WINDOWS\system32\kjllm.ini
C:\WINDOWS\system32\mlljk.dll
.
((((((((((((((((((((((((((((((((((((((( Drivers/Services )))))))))))))))))))))))))))))))))))))))))))))))))
.
-------\LEGACY_DOMAINSERVICE
-------\DomainService
((((((((((((((((((((((((( Files Created from 2007-11-09 to 2007-12-09 )))))))))))))))))))))))))))))))
.
2007-11-12 12:21 . 2007-11-12 12:21 <DIR> d-------- C:\Program Files\YzShadow
2007-11-12 12:21 . 2007-11-12 12:21 <DIR> d-------- C:\Program Files\WinRoll
2007-11-12 12:21 . 2007-11-12 12:21 <DIR> d-------- C:\Program Files\Tiger System Preferences v2
2007-11-12 12:20 . 2007-11-12 12:20 <DIR> d-------- C:\Program Files\RK Launcher
2007-11-12 12:20 . 2007-11-12 12:20 <DIR> d-------- C:\Program Files\ObjectDock
2007-11-12 12:17 . 2007-12-08 23:42 <DIR> d--h----- C:\WINDOWS\FlyakiteOSX
2007-11-12 12:17 . 2004-08-04 07:00 218,624 --a------ C:\WINDOWS\system32\uxtheme.backup
2007-11-12 10:31 . 2007-11-12 10:31 17 --a------ C:\winamp.ini
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2007-12-03 18:50 --------- d-----w C:\Documents and Settings\Owner\Application Data\AVG7
2007-12-03 04:10 --------- d-----w C:\Documents and Settings\Owner\Application Data\Aim
2007-10-14 06:01 --------- d-----w C:\Documents and Settings\All Users\Application Data\AOL OCP
2007-10-14 05:58 --------- d-----w C:\Documents and Settings\Owner\Application Data\Viewpoint
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"ctfmon.exe"="C:\WINDOWS\system32\ctfmon.exe" [2004-08-04 07:00]
"AIM ®"="C:\Program Files\AIM95\aim.exe" [2002-07-26 15:30]
"RK Launcher"="C:\Program Files\RK Launcher\RKLauncher.exe" [2005-10-19 02:40]
"Alt+Q Hotkey Tool"="C:\WINDOWS\Alt+Q Hotkey.exe" [2005-12-18 14:14]
"Yz Shadow"="C:\Program Files\YzShadow\YzShadow.exe" [2006-02-23 21:51]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"IgfxTray"="C:\WINDOWS\system32\igfxtray.exe" [2004-02-10 10:55]
"HotKeysCmds"="C:\WINDOWS\system32\hkcmd.exe" [2004-02-10 10:51]
"Windows Defender"="C:\Program Files\Windows Defender\MSASCui.exe" [2006-11-03 18:20]
"QuickTime Task"="C:\Program Files\QuickTime\qttask.exe" [2001-01-02 00:00]
"SunJavaUpdateSched"="C:\Program Files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 03:43]
"REGSHAVE"="C:\Program Files\REGSHAVE\REGSHAVE.exe" [2002-02-04 22:32]
"AVG7_CC"="C:\PROGRA~1\Grisoft\AVG7\avgcc.exe" [2007-11-12 10:10]
"System Files Updater"="C:\WINDOWS\FlyakiteOSX\Tools\System Files Updater.exe" [2006-02-25 18:41]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"AVG7_Run"="C:\PROGRA~1\Grisoft\AVG7\avgw.exe" [2007-11-12 10:10]
"DWQueuedReporting"="C:\PROGRA~1\COMMON~1\MICROS~1\DW\dwtrig20.exe" [2007-03-13 15:38]
C:\Documents and Settings\All Users\Start Menu\Programs\Startup\
Wireless Configuration Utility HW.51.lnk - C:\Program Files\802.11 Wireless LAN\802.11g Wireless Cardbus & PCI Adapter HW.51 V1.00\WlanCU.exe [2004-12-15 09:41:28]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\cbxvtqr]
cbxvtqr.dll
R3 W8335XP;IEEE 802.11g Wireless Cardbus/PCI Adapter HW51;C:\WINDOWS\system32\DRIVERS\Mrv8000c.sys
.
Contents of the 'Scheduled Tasks' folder
"2001-01-05 04:25:48 C:\WINDOWS\Tasks\MP Scheduled Scan.job"
- C:\Program Files\Windows Defender\MpCmdRun.exe
.
--------------------- DLLs Loaded Under Running Processes ---------------------
PROCESS: C:\WINDOWS\Explorer.EXE [6.00.2900.2180]
-> C:\DOCUME~1\Owner\LOCALS~1\Temp\cwrulkfq-KEEEEY.dll
.
**************************************************************************
catchme 0.3.1331 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2007-12-08 23:41:58
Windows 5.1.2600 Service Pack 2 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
**************************************************************************
.
Completion time: 2007-12-08 23:45:03 - machine was rebooted
.
--- E O F ---
